Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/monke443/cve-2023-40028

Arbitrary file read in Ghost-CMS allows an attacker to upload a malicious ZIP file with a symlink.
https://github.com/monke443/cve-2023-40028

cve cve-2023-40028 exploit ghost-cms github pentesting security vulnerability

Last synced: about 21 hours ago
JSON representation

Arbitrary file read in Ghost-CMS allows an attacker to upload a malicious ZIP file with a symlink.

Awesome Lists containing this project

README 

        
# CVE-2023-4002 Ghost-Arbitrary-File-Read (< 5.59.1)



A vulnerability in Ghost CMS (CVE-2023-40028) that allows an authenticated attacker to read arbitrary files from the server. By leveraging the symlink functionality within a ZIP file, the exploit bypasses restrictions in Ghost CMS's import mechanism to access sensitive files on the system.



# Requirements



    [!] Valid credentials required

    Python 3.7+

    Dependencies: requests, argparse, and standard Python libraries.



# Usage



`python3 exploit.py --user [email protected] --password Strongpassword123! --url http://example.com`



    --user : The username/email for the target Ghost CMS.

    --password : The password for the target Ghost CMS.

    --url : The URL of the target Ghost CMS (e.g., http://website.com).



  1) Login: The script authenticates with the Ghost CMS admin API and retrieves a session cookie.

  2) Interactive Shell: Once logged in, the script prompts for a file path to read form the server.



# Shell Example:



![image](https://github.com/user-attachments/assets/4023e8e8-4aae-49d6-aa5a-12c75f3adcfa)



# References

[CVE-2023-40028 ~1](https://nvd.nist.gov/vuln/detail/CVE-2023-40028).



[CVE-2023-40028 ~2](https://www.recordedfuture.com/vulnerability-database/CVE-2023-40028).



Disclaimer

This script is for educational purposes.