## https://sploitus.com/exploit?id=BDB7437B-0F60-5F0C-88E0-792D83E7A4EB
# CVE-2023-40028 Exploit
This script exploits a vulnerability in Ghost CMS, allowing arbitrary file read through symbolic link abuse.
# Features
- Creates a symlink to the target file
- Compresses the payload into a ZIP file
- Uploads the ZIP file via the Ghost API
- Reads the file through an accessible image URL
- Cleans up after execution
# Usage
```python3 exploit.py -u <username> -p <password>```
Once the shell starts, enter the full file path you want to read (without spaces) and hit enter.
To exit, type exit.
# Requirements
Python 3.x
`requests` module
# Disclaimer
This script is for educational and authorized security research purposes only. Do not use it on systems you do not own or have explicit permission to test.
# License
This project is licensed under the MIT License - see the LICENSE file for details.