Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2023-48292 PoC — XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks

Source
https://github.com/Mehran-Seifalinia/CVE-2023-48292
Associated Vulnerability
Title:XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks (CVE-2023-48292)
Description:The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack are comments. When the attacker can leave a comment on any page in the wiki it is sufficient to include an image with an URL like `/xwiki/bin/view/Admin/RunShellCommand?command=touch%20/tmp/attacked` in the comment. When an admin views the comment, the file `/tmp/attacked` will be created on the server. The output of the command is also vulnerable to XWiki syntax injection which offers a simple way to execute Groovy in the context of the XWiki installation and thus an even easier way to compromise the integrity and confidentiality of the whole XWiki installation. This has been patched by adding a form token check in version 4.5.1 of the admin tools. Some workarounds are available. The patch can be applied manually to the affected wiki pages. Alternatively, the document `Admin.RunShellCommand` can also be deleted if the possibility to run shell commands isn't needed.
Description
XWiki Admin Tools - CSRF to RCE
Readme

# CVE-2023-48292 Exploit 🛠️

![Python Version](https://img.shields.io/badge/python-3.x-blue.svg)

| CVE ID          | CVSS Score   | Discovered   | Affected Plugin  | Vulnerability Type |
|-----------------|--------------|--------------|------------------|--------------------|
| **CVE-2023-48292**  | ![High](https://img.shields.io/badge/9.8-High-red) | 01/03/2023   | Web Applications | 🐚 Command Injection  |

## Description 📜

**CVE-2023-48292** is a critical vulnerability that affects certain web applications, allowing an attacker to **inject arbitrary shell commands** into the target system. This exploit takes advantage of improper input validation in the `RunShellCommand` functionality, which leads to **command execution** on the server.

## Prerequisites 🧰

Before running this script, make sure you have the following dependencies installed:

- **Python 3.x**
  
To install required libraries, simply run:

```bash
pip install -r requirements.txt
```

This will install all necessary dependencies listed in the `requirements.txt` file.

## Usage 🚀

### Arguments

| Argument       | Description                                                     |
|----------------|-----------------------------------------------------------------|
| `target`       | **Required**: The target URL of the vulnerable web application. |
| `--exploit`    | Optional: If specified, attempts to exploit the vulnerability with the provided payload. |
| `--payload`    | Optional: A custom payload to exploit the vulnerability. Default is `echo 'testtesttest1234'`. |
| `--method`     | Optional: HTTP method to use (GET or POST). Default is `GET`.    |
| `--logfile`    | Optional: Path to a log file where results will be saved. Default is `exploit.log`. |

### Example

1. **Check if a target is vulnerable:**

```bash
python exploit.py https://vulnsite.com
```

2. **Attempt exploitation with a custom payload:**

```bash
python exploit.py https://vulnsite.com --exploit --payload "echo 'custompayload'"
```

3. **Use the POST method:**

```bash
python exploit.py https://vulnsite.com --method POST --exploit
```

## Exploit Details 🔍

This script checks whether the target URL is vulnerable to **CVE-2023-48292**. It sends a test payload to the server and inspects the response for evidence of command execution. If the server is vulnerable, the script will execute a shell command on the target system.

### Vulnerability Description

- **CVE-2023-48292** allows attackers to execute arbitrary shell commands on the target server via the `RunShellCommand` function. The flaw is due to improper input validation, enabling attackers to inject system commands directly.

### Technical Analysis 🧠

- The vulnerability allows arbitrary command execution on the target system, which could lead to a complete compromise of the server. This script sends a specially crafted payload that triggers the vulnerability, logging the response for verification.

## References 🔗

- **CVE Details**: [CVE-2023-48292 on CVE Details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48292)
- **Vulnerability Information**: [CVE-2023-48292 on NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-48292)

## License 📜

This script is intended for **educational purposes only**. Use responsibly and only on systems you have permission to test.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →