Skip to content

hatlesswizard/CVE-2023-6875

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
exploit.go
exploit.go
 
 
shell.zip
shell.zip
 
 

Repository files navigation

What the exploit does

  • Places a token that allows you to view mail.
  • Finds the admin's username; if it can't find it, then sets "admin" as the default.
  • It requests a link to reset the admin's password, which is emailed to the admin.
  • Uses the token placed in the first step and examines the mail logs.
  • Selects the most recent log, which contains a link to reset the password.
  • Resets the password using the link received in the previous step.
  • Logs in as the admin.
  • Uploads the shell (a file named shell.zip, which contains a shell).

exploit demo

Usage

  1. Clone: Clone this repository.
  2. Install Golang: Install the latest Golang from https://go.dev/dl/. For example: 
    wget https://go.dev/dl/go1.21.6.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.21.6.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
go version
  3. Run the exploit: 
    go run exploit.go https://example.com

Author

Exploit is developed by az_AZ

About

CVE-2023-6875 exploit written for Xakep.Ru

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages