This repository contains a Proof of Concept for the CVE-2023-50564 vulnerability in Pluck CMS version 4.7.18.
CVE-2023-50564 is a vulnerability that allows unauthorized file uploads in Pluck CMS version 4.7.18. This exploit leverages a flaw in the module installation function to upload a ZIP file containing a PHP shell, thereby enabling remote command execution.
- Python 3.x
- The requests and requests_toolbelt packages
You can install the necessary packages with the following command:
pip install requests requests_toolbelt
- Clone this repository:
git clone https://github.com/Rai2en/CVE-2023-50564_Pluck-v4.7.18_PoC.git
cd CVE-2023-50564_Pluck-v4.7.18_PoC
- Replace with the target domain name or IP address in the PoC script.
- Create a payload.zip file containing shell.php. I recommend pentestmonkey PHP reverse shell and replace <your_ip> and <port> fields with your IP and listening port.
- Run the PoC script:
python exploit.py
You will be prompted to enter the path to the ZIP file:
ZIP file path: ./path/to/payload.zip
- If the login and upload are successful:
Login account
ZIP file download.
<output of the executed shell.php>
- If a login error occurs:
Login problem. response code: <code>
- If an upload error occurs:
ZIP file download error. Response code: <code>
Ensure that the shell.php file contains the correct reverse shell and your listener is waiting for the connection on the specified port.
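For defenders reviewing module archives before they reach the installation function described above, the following added example (not part of this repository or of Pluck CMS) audits a ZIP in memory and reports entries that should not be extracted without review. The extension list, the `allowed_files` allowlist and the sample module names are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions a PHP host may execute (assumed list; align it with your server config).
EXECUTABLE_EXT = {".php", ".phtml", ".phar", ".php5", ".php7", ".pht"}


def audit_module_zip(data, allowed_files):
    """Return (entry, reason) findings for a module archive before extraction.

    allowed_files is a hypothetical reviewer-maintained set of script paths
    that are expected inside this particular module.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            path = PurePosixPath(name)
            # Absolute paths or ".." components would write outside the module directory.
            if name.startswith("/") or ".." in path.parts:
                findings.append((name, "path escapes extraction directory"))
                continue
            if info.is_dir():
                continue
            if path.name.lower() == ".htaccess":
                findings.append((name, "can change which files the server executes"))
            # Check every suffix so double extensions such as x.php.jpg are caught.
            elif (any(s.lower() in EXECUTABLE_EXT for s in path.suffixes)
                  and name not in allowed_files):
                findings.append((name, "unexpected server-executable script"))
    return findings


def build_sample_zip(entries):
    """Build a constructed sample archive in memory; contents are inert placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(
        ["mymodule/mymodule.php", "mymodule/readme.txt", "shell.php", "../outside.php"]
    )
    for entry, reason in audit_module_zip(sample, {"mymodule/mymodule.php"}):
        print(f"{entry}: {reason}")
```

An empty result only means nothing matched these checks; scripts on the allowlist still need their contents reviewed.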