graypwn graypwn

## CVE-2023-41892-POC.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                graypwn
                / CVE-2023-41892-POC.md
            
            
              Created
              December 17, 2023 15:05
                — forked from to016/CVE-2023-41892-POC.md
            
              
                CVE-2023-41892 (Craft CMS Remote Code Execution) - POC
              
          
    This Gist provides a Proof-of-Concept (POC) for CVE-2023-41892, a Craft CMS vulnerability that allows Remote Code Execution (RCE).
Overview

CVE-2023-41892 is a security vulnerability discovered in Craft CMS, a popular content management system. Craft CMS versions affected by this vulnerability allow attackers to execute arbitrary code remotely, potentially compromising the security and integrity of the application.
POC

This POC is depending on writing webshell, so finding a suitable folder with writable permission is necessary.

  
## wmic_cmds.txt
Host Enumeration:

--- OS Specifics ---
wmic os LIST Full (* To obtain the OS Name, use the "caption" property)

wmic computersystem LIST full

--- Anti-Virus ---

wmic /namespace:\\root\securitycenter2 path antivirusproduct
	Host Enumeration:

	--- OS Specifics ---
	wmic os LIST Full (* To obtain the OS Name, use the "caption" property)

	wmic computersystem LIST full

	--- Anti-Virus ---

	wmic /namespace:\\root\securitycenter2 path antivirusproduct