Exploit for Command Injection in Chamilo CVE-2023-34960

## https://sploitus.com/exploit?id=3929DDFE-105E-5880-91E3-1C34AA3FC022
# Chamilo_CVE-2023-34960-EXP

帮助：

	usage: CVE-2023-34960.py [-h] [-u URL] [-f FILE] [-c COMMAND]

	options:
	  -h, --help            show this help message and exit
	  -u URL, --url URL     完整URL地址(http/https)
	  -f FILE, --file FILE  批量URL文件
	  -c COMMAND, --command COMMAND  执行命令,可选


示例：

	#单个url

	python3 CVE-2023-34960.py -u https://xxxxxxx

![image](https://github.com/YongYe-Security/Chamilo_CVE-2023-34960-EXP/assets/90460865/f7e0b158-5b13-4450-ac91-51a93b2fa0c0)


	#批量扫描
	python3 CVE-2023-34960.py -f url.txt
 ![image](https://github.com/YongYe-Security/Chamilo_CVE-2023-34960-EXP/assets/90460865/28cefd58-f067-4832-ab52-8134df9a2c33)

存在漏洞的扫描结果会存放在当前目录Kill_ALL.txt

微信公众号：YongYe 安全实验室


![yongye](https://github.com/YongYe-Security/Chamilo_CVE-2023-34960-EXP/assets/90460865/91eb1374-1631-476b-9213-71fec8219c95)