https://github.com/1337kid/cve-2023-38836

Exploit for file upload vulnerability in BoidCMS version <=2.0.0
https://github.com/1337kid/cve-2023-38836

Last synced: 11 months ago
JSON representation

Exploit for file upload vulnerability in BoidCMS version <=2.0.0

Host: GitHub
URL: https://github.com/1337kid/cve-2023-38836
Owner: 1337kid
License: gpl-3.0
Created: 2023-08-16T14:30:30.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2024-07-05T18:17:07.000Z (almost 2 years ago)
Last Synced: 2024-07-05T23:51:44.611Z (almost 2 years ago)
Language: Python
Size: 132 KB
Stars: 3
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# CVE-2023-38836 Exploit
File Upload vulnerability in BoidCMS v.2.0.0 allows an authenticated attacker to upload a file with dangerous type (CWE-434).

To exploit, an attacker could add a GIF header to bypass MIME type checks.
```php
GIF89a;

```

## Usage
```
usage: CVE-2023-38836.py [-h] [-u URL] [-U USER] [-P PASSWD] [-l LHOST] [-p LPORT]

Exploit for CVE-2023-38836

options:
-h, --help show this help message and exit
-u URL, --url URL website url
-U USER, --user USER admin username
-P PASSWD, --passwd PASSWD
admin password
-l LHOST, --lhost LHOST
listening host
-p LPORT, --lport LPORT
listening port
```

![](img.png)

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/1337kid/cve-2023-38836

Awesome Lists containing this project

README