CVE-2023-20273 PoC — Cisco IOS XE Software Security Vulnerability

Source
Associated Vulnerability
Title: Cisco IOS XE Software Security Vulnerability (CVE-2023-20273)
Description: A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
Description
CVE-2023-20273 Exploit PoC
Readme
# CVE-2023-20273
CVE-2023-20273 Exploit PoC

## Usage
```
usage: exploit.py [-h] -t URL -u Username -p Password (-c Command | -r) [-dest Outfile] [-www | -tcp | -null] [-ip LocalIP] [-port LocalPort] [-fs filesystem] [-path filepath] [-operation operation_type] [-v] [-q]

CVE-2023-20273 Exploit PoC

options:
  -h, --help                    show this help message and exit

Target options:
  [Mandatory] Target arguments

  -t URL, --url URL             Target Cisco URL (eg https://192.168.1.1 or http://192.168.2.2:8080)
  -u Username, --user Username  Cisco webui user name
  -p Password, --pass Password  Cisco webui user pass

Exploit mode:
  [Mandatory] Exec command or reverse shell

  -c Command                    Command to run
  -r                            Reverse shell (requires -ip and -port)

Output Options:
  [Optional] Command output options

  -dest Outfile                 [-r | -www | -tcp] destination file (default: random)
  -www                          [Default] Attempt to retrieve output via target web server
  -tcp                          [Not implemented] Attempt to send output to a TCP listener (requires -ip and -port)
  -null                         Do not attempt to get command output

Callback Options:
  For reverse shell or command output

  -ip LocalIP                   Local IP for reverse shell/command output
  -port LocalPort               Local port for reverse shell/command output

Exploit options:
  [Not implemented] Exploit modifiers

  -fs filesystem                Filesystem on target for exploit staging (default: flash)
  -path filepath                Filepath on target filesystem for exploit staging (default: shellsmoke)
  -operation operation_type     Install operation type (not currently implemented) (default: SMU)

Verbosity control:
  -v                            Verbose output
  -q                            Suppress Banner
```
File Snapshot

```
[4.0K] /data/pocs/368923db41e8a1080ea625b52a3e3ee7160a13bc
├── [ 24K] exploit.py
└── [1.9K] README.md

0 directories, 2 files
```