https://github.com/superswan/heimshell
CVE-2023-51803 LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "<?php ?>" substring.
- Host: GitHub
- URL: https://github.com/superswan/heimshell
- Owner: superswan
- Created: 2025-06-26T23:00:53.000Z (7 months ago)
- Default Branch: main
- Last Pushed: 2025-06-26T23:05:52.000Z (7 months ago)
- Last Synced: 2025-06-27T00:28:36.010Z (7 months ago)
- Topics: exploit, security, webapp
- Language: Python
- Homepage:
- Size: 3.91 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# HeimShell (CVE-2023-51803)
**HeimShell** is an exploit for CVE-2023-51803, leveraging an arbitrary file-upload vulnerability in LinuxServer.io Heimdall (≤ 2.5.6). It auto-detects the target version and either warns about exploitability or remotely fetches a PHP shell defined by `SHELL_URL`.
- **≤ 2.2.2**: Arbitrary file upload is possible, but files are served statically and URLs are not remotely fetched.
- **≥ 2.2.3 & ≤ 2.5.6**: remotely fetches a PHP shell via icon URL upload.
---
* **Version Check:** Retrieves `/settings` and parses the Version field to ensure arbitrary upload capability exists.
* **CSRF Token Retrieval:** Loads `/items/create` and scrapes the hidden `_token` input.
* **Shell Deployment:** For versions ≥ 2.2.3, it points the icon parameter at a remote PHP shell URL hosted on a web server.
* **Item Enumeration:** Scrapes the item list (`/items`) to find the dashboard entry matching the random tag.
* **Shell URL Extraction:** Checks edit page (`/items//edit`), finds `icon` or `#appimage img` element, and prints shell URL.
```
python heimShell.py
detected version: 2.4.13
☠ shell uploaded at: /storage/icons/abc123DEF456.php
```
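The weakness behind this tool is that Heimdall stored whatever the icon URL returned, including non-image data with a `<?php` tag, under a web-served path such as `/storage/icons/`. The following is an added defensive example, not part of HeimShell or of Heimdall: a small audit script that walks an icon directory and flags files that carry an executable extension, lack a recognised image signature, or contain PHP open tags. The directory layout, the magic-byte table and the sample files are assumptions constructed for the demonstration; nothing here is the project's own code.

```python
"""Audit an icon directory for non-image content (e.g. embedded PHP tags).

Defensive check written as an added example for this page; it is not part of
the HeimShell tool or of Heimdall. It assumes icons live in a flat directory
such as Heimdall's storage/icons; the sample files below are constructed.
"""
import os
import tempfile
from typing import Dict, List

# Magic-byte prefixes of the raster formats a dashboard icon is expected to be.
IMAGE_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "gif87a": b"GIF87a",
    "gif89a": b"GIF89a",
}
# Markers that indicate server-side code rather than image data. A bare "<?"
# is deliberately not used because SVG files legitimately start with "<?xml".
CODE_MARKERS = (b"<?php", b"<?=", b"<script")
# Extensions that a PHP web server would execute rather than serve as a file.
EXECUTABLE_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".php7"}


def classify_icon(data: bytes) -> str:
    """Return the detected image type, or 'unknown' if no signature matches."""
    for name, magic in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return name
    if data.startswith(b"RIFF") and data[8:12] == b"WEBP":
        return "webp"
    stripped = data.lstrip()
    if stripped.startswith(b"<?xml") or stripped.startswith(b"<svg"):
        return "svg"
    return "unknown"


def find_code_markers(data: bytes) -> List[bytes]:
    """Return every code marker present anywhere in the file body."""
    return [m for m in CODE_MARKERS if m in data]


def audit_icon_file(path: str) -> List[str]:
    """Return findings for one file; an empty list means it looks like a plain image."""
    findings: List[str] = []
    ext = os.path.splitext(path)[1].lower()
    if ext in EXECUTABLE_EXTENSIONS:
        findings.append(f"executable extension {ext}")
    with open(path, "rb") as fh:
        data = fh.read()
    if classify_icon(data) == "unknown":
        findings.append("no recognised image signature")
    markers = find_code_markers(data)
    if markers:
        findings.append("contains " + ", ".join(m.decode() for m in markers))
    return findings


def audit_icon_dir(directory: str) -> Dict[str, List[str]]:
    """Map each suspicious file name in `directory` to its list of findings."""
    results: Dict[str, List[str]] = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            findings = audit_icon_file(path)
            if findings:
                results[name] = findings
    return results


def build_sample_dir() -> str:
    """Create a temporary directory of constructed sample icons (not real uploads)."""
    d = tempfile.mkdtemp(prefix="icons_")
    samples = {
        "good.png": IMAGE_MAGIC["png"] + b"\x00" * 16,
        "shell.php": b"<?php echo 'constructed sample'; ?>",
        # Valid GIF header followed by a PHP tag: the signature check alone misses it.
        "polyglot.gif": b"GIF89a" + b"\x00" * 8 + b"<?php /* trailing code */ ?>",
        "logo.svg": b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>',
    }
    for name, content in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(content)
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    for name, findings in audit_icon_dir(sample).items():
        print(f"{name}: {'; '.join(findings)}")
```

The `polyglot.gif` sample shows why a signature check alone is not enough: a file can carry a valid image header and still contain a PHP tag further down, which is the class of content the 2.5.7 fix refuses. For a durable mitigation the stored icon should be re-encoded server-side through an image library and served from a location where the web server never executes scripts; this audit is a detection aid for existing stores, not a substitute for that.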
## References
[https://nvd.nist.gov/vuln/detail/CVE-2023-51803](https://nvd.nist.gov/vuln/detail/CVE-2023-51803)
[https://rz.my/2024/06/cve-2023-51803-arbitrary-file-upload-in-linuxserverio-heimdall.html](https://rz.my/2024/06/cve-2023-51803-arbitrary-file-upload-in-linuxserverio-heimdall.html)
## Disclaimer
This tool is for authorized security testing only. Unauthorized use against systems you do not own or have explicit permission to test is illegal and unethical.