11 matches found
CVE-2023-38836
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks...
Metasploit Wrap-Up 03/08/2024
New module content 2 GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: 18821 contributed by n00bhaxor Path: gather/gitlabtagsrssfeedemaildisclosure AttackerKB reference: CVE-2023-5612 Description: This adds an auxiliary module that leverages an...
BoidCMS 2.0.0 Command Injection Exploit
This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. This module requires Metasploit:...
BoidCMS Command Injection
This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. Module Options msf use exploit/multi/http/cve202338836boidcms msf...
BoidCMS 2.0.0 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BoidCMS Command Injection', 'Description' = %q This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and...
BoidCMS 2.0.0 Shell Upload
!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...
BoidCMS v2.0.0 - authenticated file upload vulnerability
!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...
BoidCMS v2.0.0 - authenticated file upload Exploit
!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ==== file = 'file' :...
CVE-2023-38836
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks...
CVE-2023-38836
creationtimestamp| type| source ---|---|--- 2023-08-17 07:09:39+00:00| published-proof-of-concept| https://t.me/CNArsenal/886 2023-08-17 12:25:33+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8865 2023-08-18 17:23:51+00:00| published-proof-of-concept|...
Exploit for Unrestricted Upload of File with Dangerous Type in Boidcms
CVE-2023-38836 Exploit File Upload vulnerability in BoidCMS v...