@Argonx21
Last active October 15, 2023 15:33
CVE-2023-24517

# Vulnerability Title: Remote Code Execution via Unrestricted File Upload
# Vendor Homepage: https://pandorafms.com/en/
# Version: <= v767
# CVE: CVE-2023-24517
# CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L (6.4 Medium)
# Exploit Author: Gaurish Kauthankar
# Date: 22/08/2023

Steps to reproduce:

  1. Log in as an admin user and go to admin tools > file manager.
  2. Click on upload a file and upload a valid image file.
  3. Intercept the request and change the file extension from png/jpg/jpeg to phar, keeping the content-type value the same as for the image file.
  4. Keep the first few lines of the original image file content and append malicious PHP code at the end.
  5. Once done, send the request and observe the response.
  6. Access the uploaded phar file and add the parameter name followed by the system commands.
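
The steps above work because the upload is accepted on the strength of the client-supplied content-type and image-looking leading bytes. The following server-side check is an added example, not Pandora FMS code or the author's; `check_upload`, the allowlist and the sample byte strings are hypothetical and constructed for illustration. It ignores the declared content-type, allowlists the extension, and requires the body to be an image that ends at its end-of-image marker.

```python
import os

# Accepted extensions and the magic bytes each must start with.
# Anything else (phar, php, phtml, ...) is refused outright.
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff"}
# Bytes that legitimately terminate each format (PNG IEND chunk, JPEG EOI).
END_MARKER = {".png": b"IEND\xaeB`\x82", ".jpg": b"\xff\xd9", ".jpeg": b"\xff\xd9"}


def check_upload(filename: str, content_type: str, body: bytes) -> list[str]:
    """Return the reasons to reject an upload; an empty list means accept."""
    # content_type comes from the client and is deliberately never consulted.
    reasons = []
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED:
        reasons.append(f"extension {ext or '(none)'} not in allowlist")
    # Identify the real format from the leading bytes, independent of the name.
    detected = next((e for e, magic in ALLOWED.items() if body.startswith(magic)), None)
    if detected is None:
        reasons.append("content is not a recognised image")
    else:
        if ext in ALLOWED and ALLOWED[ext] != ALLOWED[detected]:
            reasons.append("extension does not match content")
        marker = END_MARKER[detected]
        end = body.rfind(marker)
        # A truncated header with appended data, or data after the marker, fails here.
        if end == -1 or end + len(marker) != len(body):
            reasons.append("image does not end at its end marker")
    # Heuristic only: the structural checks above are the real gate.
    if b"<?php" in body:
        reasons.append("script open tag in body")
    return reasons


# Constructed samples: a minimal PNG-shaped byte string, and a copy that keeps
# only the leading bytes and appends an inert placeholder in place of code.
PNG = ALLOWED[".png"] + b"\x00\x00\x00\rIHDR" + b"\x00" * 21 + END_MARKER[".png"]
TAMPERED = PNG[:24] + b"<?php /* placeholder, no payload */ ?>"

if __name__ == "__main__":
    print(check_upload("logo.png", "image/png", PNG))
    print(check_upload("logo.phar", "image/png", TAMPERED))
```

Validation of this kind is one layer; storing uploads under a server-generated name in a directory where the web server does not execute scripts removes the impact even if a check is bypassed.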