CVE-2023-30253 PoC

CVE-2023-30253

Description

This is my PoC for CVE-2023-30253 (Dolibarr 17.0.0 PHP code injection). When the CMS Website plugin (core) is enabled, an authenticated attacker can obtain remote command execution via PHP code injection that bypasses the application's restrictions.

Installation

Clone the repository and install the dependencies:

git clone https://github.com/g4nkd/CVE-2023-30253-PoC.git
cd CVE-2023-30253-PoC
pip install -r requirements.txt

Usage

python3 exploit.py -h
usage: exploit.py [-h] -lhost LHOST -lport LPORT -rhost RHOST -user USER -pass PASSWORD

Exploit for CVE-2023-30253

options:
  -h, --help      show this help message and exit
  -lhost LHOST    Local Host (this host will receive the shell)
  -lport LPORT    Local PORT
  -rhost RHOST    Rhost url, example: http://site.com/
  -user USER      Username for Dolibarr
  -pass PASSWORD  Password for Dolibarr