# Crater-CVE-2023-46865-RCE
Crater <=6.0.6, CVE-2023-46865 Post-Auth RCE (Superadmin)

## Vulnerability Description

Crater Invoice is vulnerable to unrestricted upload of a file with a dangerous type because input validation is insufficient. The Base64Mime checking class can be bypassed by embedding a valid PHP payload into an IDAT image chunk. A user with superadmin privileges can upload the crafted payload through the company logo endpoint at `/api/v1/company/upload-logo`.
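A mitigation sketch for the flaw described above, added here as an example; it is not Crater's code and not part of this proof of concept. Because a well-formed image can pass any content-type check while still carrying PHP in its IDAT data, the check below never lets the client influence the stored file name or extension. The request shape (a client-supplied name plus base64 data), the allowlist, the size limit and all function names are assumptions.

```python
import base64
import binascii
import secrets

# Magic bytes -> the only extensions the server will ever write (assumed allowlist).
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
ALIASES = {".jpeg": ".jpg"}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit
# Constructed sample: PNG signature followed by placeholder bytes, not a real image.
SAMPLE_B64 = base64.b64encode(b"\x89PNG\r\n\x1a\n" + b"constructed placeholder").decode()


class UploadRejected(ValueError):
    """Raised when an upload must not be stored."""


def sniff_extension(blob: bytes) -> str:
    """Return the extension implied by the leading magic bytes, or reject."""
    for magic, ext in SIGNATURES.items():
        if blob.startswith(magic):
            return ext
    raise UploadRejected("content is not an allowed image type")


def safe_logo_name(client_name: str, b64_data: str) -> tuple[str, bytes]:
    """Validate a logo upload and return (server-chosen file name, decoded bytes)."""
    try:
        blob = base64.b64decode(b64_data, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise UploadRejected("data is not valid base64") from exc
    if len(blob) > MAX_BYTES:
        raise UploadRejected("file too large")
    ext = sniff_extension(blob)
    # A declared extension that disagrees with the content (logo.php carrying
    # PNG bytes) is rejected so it can be logged rather than silently renamed.
    _, dot, suffix = client_name.rpartition(".")
    declared = "." + suffix.lower() if dot else ""
    if ALIASES.get(declared, declared) != ext:
        raise UploadRejected(f"declared extension {declared!r} does not match {ext!r}")
    # The client name never reaches the filesystem: random stem, sniffed extension.
    return secrets.token_hex(16) + ext, blob
```

The upload directory should also be served as static content only, with script execution disabled, so that a polyglot image that passes validation is never interpreted.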

## Usage

    $~ usage: python3 --target TARGET --email EMAIL --password PASSWORD [--cmd CMD]
    $~ python3 --target --email --password test1234 --cmd 'whoami'

    $~ python3 -h
    usage: [-h] --target TARGET --email EMAIL --password PASSWORD [--cmd CMD]
    Crater Invoice RCE - CVE-2023-46865
      -h, --help           show this help message and exit
      --target TARGET      Target URL
      --email EMAIL        Email
      --password PASSWORD  Password
      --cmd CMD            Command to execute

## Tested on

    - Crater 6.0.6
    - Kali 6.1.0

## References

## Credit
faisalfs10x - for helping develop the proof of concept.

## Disclaimer:

    The script is for security analysis and research only; hence, I would not be liable if it has been used for illicit activities.