Share
## https://sploitus.com/exploit?id=788E6E71-E796-575B-9100-C67A8D816D5F
## CVE-2023-50564 (PoC)

This repository contains a Proof of Concept for CVE-2023-50564 vulnerability in Pluck CMS version 4.7.18

![image](https://github.com/user-attachments/assets/d848a6f0-6ede-4d9f-81de-e6d697c27bcd)

## Description

CVE-2023-50564 is a vulnerability that allows unauthorized file uploads in Pluck CMS version 4.7.18. This exploit leverages a flaw in the module installation function to upload a ZIP file containing a PHP shell, thereby enabling remote command execution.

## Usage

### Prerequisites

- Python 3.x
- The `requests` and `requests_toolbelt` packages

You can install the necessary packages with the following command:

```bash
pip install requests requests_toolbelt
```
## Instructions
1. Clone this repository:

```bash
git clone https://github.com/Rai2en/CVE-2023-50564_Pluck-v4.7.18_PoC.git
cd CVE-2023-50564_Pluck-v4.7.18_PoC
```

2. Replace <hostname> with the target domain name or IP address in the PoC script.

3. Create a `payload.zip` file containing `shell.php`. I recommand [pentestmonkey](https://github.com/pentestmonkey/php-reverse-shell) PHP reverse shell and replace `<your_ip>` and `<port>` fields with your IP and listening port.

4. Run the PoC script:

```bash
python exploit.py
```
You will be prompted to enter the path to the ZIP file:
```bash
ZIP file path: ./path/to/payload.zip
```
## Output example 

- If the login and upload are successful:

```bash
Login successful
ZIP file upload successfuly.
<output of the executed shell.php>
```

- If a login error occurs:

```bash
Login problem. response code: <code>
```

- If an upload error occurs:

```bash
ZIP file upload error. Response code: <code>
```

## Note 
Ensure that the `shell.php` file contains the correct reverse shell and your listener is waiting for the connection on the specified port.