root💀senseicat:~#

Hack. Eat. Sleep. Repeat!!!


Project maintained by SENSEiXENUS Hosted on GitHub Pages — Theme by mattgraham

CVE-2023-50564 (PoC)

This repository contains a Proof of Concept for the CVE-2023-50564 vulnerability in Pluck CMS version 4.7.18.

Description

CVE-2023-50564 is a vulnerability that allows unauthorized file uploads in Pluck CMS version 4.7.18. This exploit leverages a flaw in the module installation function to upload a ZIP file containing a PHP shell, thereby enabling remote command execution.
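For defenders, the upload-then-execute pattern described above is visible in web access logs. The following detection sketch is an added example, not code from this repository. The URL patterns for the module-install request and the module directory are assumptions about a typical Pluck layout, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed URL shapes (not from the page); adjust to the paths of your own install.
INSTALL_RE = re.compile(r"/admin\.php\?action=installmodule")
MODULE_PHP_RE = re.compile(r"/data/modules/([^/\s?]+)/[^\s?]*\.php")
# Fields needed from an Apache/nginx "combined" access-log line.
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

def parse(line):
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["url"], int(m["status"])

def find_install_then_exec(lines, known_modules, window=timedelta(minutes=30)):
    """Alert on a module-install POST followed within `window` by a 200
    response for a PHP file in a module directory not in `known_modules`."""
    installs, alerts = [], []
    for rec in filter(None, map(parse, lines)):
        ip, ts, method, url, status = rec
        if method == "POST" and INSTALL_RE.search(url):
            installs.append((ts, ip))
            continue
        hit = MODULE_PHP_RE.search(url)
        if hit is None or status != 200 or hit.group(1) in known_modules:
            continue
        for install_ts, install_ip in installs:
            if timedelta(0) <= ts - install_ts <= window:
                alerts.append({"module": hit.group(1), "url": url, "time": ts.isoformat(),
                               "installed_by": install_ip, "requested_by": ip})
                break
    return alerts

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.4 - - [12/Mar/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Mar/2024:10:02:10 +0000] "POST /admin.php?action=installmodule HTTP/1.1" 200 830',
    '203.0.113.7 - - [12/Mar/2024:10:02:15 +0000] "GET /data/modules/newmod/x.php HTTP/1.1" 200 12',
    '198.51.100.4 - - [12/Mar/2024:10:05:00 +0000] "GET /data/modules/blog/blog.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for alert in find_install_then_exec(SAMPLE_LOG, known_modules={"blog"}):
        print(alert)
```

Feed `known_modules` from an inventory of the modules you have deliberately installed, so that only unexpected module directories raise an alert.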

Usage

Prerequisites

You can install the necessary packages with the following command:

    pip install requests requests_toolbelt

    ❯ ./pluckCMS.py --help
    usage: pluckCMS.py [-h] [-hst HOST] [-u USERNAME] [-p PASSWORD]
    
    options:
      -h, --help            show this help message and exit
      -hst HOST, --host HOST
                            Format: domain.com
      -u USERNAME, --username USERNAME
                            Username....
      -p PASSWORD, --password PASSWORD
                            Password....
