Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2021-43258 PoC — ChurchInfo 代码问题漏洞

Source
https://github.com/MRvirusIR/CVE-2021-43258
Associated Vulnerability
Title:ChurchInfo 代码问题漏洞 (CVE-2021-43258)
Description:CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.
Description
ChurchInfo 1.2.13-1.3.0 Remote Code Execution Exploit
Readme
# CVE-2021-43258

ChurchInfo 1.2.13-1.3.0 Remote Code Execution Exploit

| Full title  |                                                                                                                                                                                                                       ChurchInfo 1.2.13-1.3.0 Remote Code Execution Exploit                                                                                                                                                                                                                        |
| ----------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |
| Date add    |                                                                                                                                                                                                                                             21-11-2022                                                                                                                                                                                                                                             |
| Category    |                                                                                                                                                                                                                                          remote exploits                                                                                                                                                                                                                                           |
| Platform    |                                                                                                                                                                                                                                                php                                                                                                                                                                                                                                                 |
| Risk        |                                                                                                                                                                                                                                      [Security RiskCritical]                                                                                                                                                                                                                                       |
| Description | This Metasploit module exploits the logic in the CartView.php page when crafting a draft email with an attachment. By uploading an attachment for a draft email, the attachment will be placed in the /tmp_attach/ folder of the ChurchInfo web server, which is accessible over the web by any user. By uploading a PHP attachment and then browsing to the location of the uploaded PHP file on the web server, arbitrary code execution as the web daemon user (e.g. www-data) can be achieved. |
| CVE         |                                                                                                                                                                                                                                           CVE-2021-43258                                                                                                                                                                                                                                           |
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →