## https://sploitus.com/exploit?id=729E115C-9E3D-5995-A504-FC4C7264448E
# CVE-2023-4220 (Arbitrary File Upload / RCE) - PoC 

I created this script to automate the exploitation of **CVE-2023-4220** and obtain a reverse shell on the Hack The Box [PermX](https://www.hackthebox.com/machines/permx) machine.

This vulnerability affects **Chamilo LMS versions ≤ 1.11.24** and is caused by insufficient validation in the **big upload functionality**. An unauthenticated attacker can upload files to a publicly accessible directory, which may lead to **stored XSS** or **Remote Code Execution (RCE)** if a malicious script is uploaded.

The vulnerable endpoint is located at:

```text
/main/inc/lib/javascript/bigupload/files/
```

When file names and types are not properly validated, uploaded files can be accessed directly through the web server.
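For defenders, the direct-access behaviour described above leaves a clear trace in web server access logs. The following is an added detection example, not part of the original PoC or of Chamilo: it scans combined-format access-log lines for requests into the upload directory that target script or active-content files. The extension lists, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload directory named on this page; files placed here are web-reachable.
UPLOAD_DIR = "/main/inc/lib/javascript/bigupload/files/"
# Assumption: extensions the server may execute (RCE) or a browser may render (stored XSS).
EXECUTABLE = {"php", "php5", "php7", "phtml", "phar", "pht"}
ACTIVE = {"html", "htm", "xhtml", "svg", "js"}
# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return a finding for a risky request into the upload directory, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, _method, target, status = m.groups()
    # Drop the query string, decode %xx, fold case and collapse '//' before matching.
    path = re.sub(r"/+", "/", unquote(urlsplit(target).path).lower())
    if UPLOAD_DIR not in path:
        return None
    tail = path.split(UPLOAD_DIR, 1)[1]
    # Check every dot-separated part so 'a.php.jpg' and 'a.php/extra' are still caught.
    exts = {part for seg in tail.split("/") for part in seg.split(".")[1:]}
    if exts & EXECUTABLE:
        kind = "script-execution"
    elif exts & ACTIVE:
        kind = "active-content"
    else:
        return None
    # A 2xx status means the file exists and was served (or run) by the web server.
    return {"ip": ip, "time": ts, "path": path, "kind": kind, "served": status[0] == "2"}

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample access-log lines (documentation IP ranges, invented file names).
SAMPLE = [
    '198.51.100.7 - - [10/Jul/2024:10:01:02 +0000] "GET /main/inc/lib/javascript/bigupload/files/notes.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jul/2024:10:02:10 +0000] "GET /main/inc/lib/javascript/bigupload/files/a.php HTTP/1.1" 200 17 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Jul/2024:10:03:00 +0000] "GET /main/inc/lib/javascript/bigupload/files/b.%70html?x=1 HTTP/1.1" 404 0 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Jul/2024:10:04:00 +0000] "GET /main/inc/lib/javascript/bigupload//files/c.svg HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [10/Jul/2024:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `script-execution` finding with `served` set to true means a script in the upload directory was reachable and should be handled as a possible compromise. Upgrading beyond 1.11.24 and denying script execution in that directory at the web server level removes the condition this check looks for.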

![PoC](Images/Image1.png)

![PoC](Images/Image2.png)

![PoC](Images/Image3.png)