A scanning utility and PoC for CVE-2023-50164
CVE-2023-50164's exploitation is very environment specific. This PoC attempts to generalize the exploitation process by requiring the user to enter environment specific details through the script flags.
The script attempts to upload a benign file and overwrite it with a file path passed by the user. Although the script (necessarily) allows users to upload their own file paths, the file content written to that path is completely benign, it's simply "SUCCESSFULLY EXPLOITED CVE-2023-50164 AT "
Original Reference: https://xz.aliyun.com/t/13172
Before running the script you need to install the requirements.txt
python3 -m pip install -r requirements.txt
The script accepts the following flags:
- --url: The URL of the target
- --uploadvar: The name of the variable that the script will use to upload the file,in the reference this would be "Upload"
- --filenamevar: The name of the variable that the script will use for the uploadFileName value, in the reference this would be "uploadFileName"
- --payloadpath: The path of the payload file that will be uploaded
- --follow302: A boolean which indicates whether the script should follow 302 redirects or not
- --verbose: A boolean which indicates whether the script should print verbose output or not
python3 cve202350164.py --url http://localhost:8080 --uploadvar Upload --filenamevar uploadFileName --payloadpath /tmp/payload.txt --follow302 --verbose