# CVE-2023-40028 PoC Exploit
Symlink Upload Vulnerability in Ghost CMS Leading to Arbitrary File Read

## Vulnerability Details
**CVE-2023-40028** is a vulnerability in **Ghost CMS** versions prior to **5.59.1** that lets authenticated users upload symbolic links (symlinks), resulting in arbitrary file read on the host system. An attacker uses the upload feature in Ghost CMS to place a symlink that points to a sensitive file. Once the symlink is uploaded, the target file can be read through a crafted HTTP request to the server.
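
A defender-side check for the condition described above, added here as an example and not part of the original PoC repository: it walks a directory tree and reports every symlink, flagging those that resolve outside the tree. The function names and the sample tree are constructed for illustration, and the directory to audit (for instance, wherever the Ghost instance stores uploaded files) is an assumption supplied by the caller.

```python
import os
import tempfile


def find_symlinks(root):
    """Return sorted (relative_link, resolved_target, escapes_root) tuples for symlinks under root."""
    root_real = os.path.realpath(root)
    findings = []
    # followlinks=False: report symlinked directories, never walk through them.
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # also resolves chained or dangling links
            escapes = os.path.commonpath([root_real, target]) != root_real
            findings.append((os.path.relpath(path, root_real), target, escapes))
    return sorted(findings)


def build_demo_tree(base):
    """Constructed sample: a fake upload directory with one benign and one escaping link."""
    content = os.path.join(base, "content")
    images = os.path.join(content, "images")
    os.makedirs(images)
    outside = os.path.join(base, "outside-secret.txt")
    for p in (outside, os.path.join(images, "real.png")):
        with open(p, "w") as fh:
            fh.write("constructed\n")
    os.symlink(outside, os.path.join(images, "escape.png"))    # resolves outside the root
    os.symlink("real.png", os.path.join(images, "alias.png"))  # stays inside the root
    return content


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link, target, escapes in find_symlinks(build_demo_tree(tmp)):
            print("ESCAPES" if escapes else "inside ", link, "->", target)
```

Any symlink reported as escaping inside a directory the web server serves from is worth investigating on a Ghost version prior to 5.59.1.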
## Exploit Usage
```bash
git clone https://github.com/rvizx/CVE-2023-40028
cd CVE-2023-40028
python3 exploit.py --url <http://target-ghost-cms> -u <username> -p <password>
```
## References
- [CVE-2023-40028 on Vulners](https://vulners.com/cve/CVE-2023-40028)
- Credits - [PoC Exploit by 0xyassine](https://github.com/0xyassine/CVE-2023-40028/)