## https://sploitus.com/exploit?id=313DB74B-1C7D-5E84-925C-DA6C834996D5
# Xibo CMS CVE-2023-33177 Vulnerability Tester

[![Python 3.6+](https://img.shields.io/badge/python-3.6+-blue.svg)](https://www.python.org/downloads/)
[![License](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)

Automated security testing tool for **CVE-2023-33177** - Zip Slip Path Traversal vulnerability in Xibo CMS that leads to Remote Code Execution (RCE).

## โš ๏ธ Disclaimer

> **This tool is for educational and authorized testing purposes only.**
> Only use on systems you own or have explicit permission to test.
> Unauthorized testing is illegal and unethical.

## 📋 Description

Xibo CMS versions **1.8.0-2.3.16** and **3.0.0-3.3.4** are vulnerable to a path traversal attack via the layout import functionality. This tool safely tests if your Xibo instance is vulnerable by attempting to write a harmless test file.

### Vulnerability Details
- **CVE ID**: CVE-2023-33177
- **Type**: Zip Slip Path Traversal → Remote Code Execution
- **Impact**: Authenticated attackers can write arbitrary files to the web server
- **Fix**: Upgrade to Xibo CMS 3.3.5+ or 2.3.17+

## 🚀 Features

- ✅ Non-destructive testing (only reads /etc/passwd for verification)
- ✅ Automatic authentication handling
- ✅ Safe payload generation
- ✅ Clear vulnerability reporting
- ✅ Automatic cleanup of test files
- ✅ Works with HTTP/HTTPS

## 📦 Installation

```bash
# Clone the repository
git clone https://github.com/yourusername/xibo-cve-2023-33177-tester.git
cd xibo-cve-2023-33177-tester

# Install requirements
pip install -r requirements.txt
```