CVE-2023-23333

This exploit demonstrates a command injection vulnerability in SolarView Compact 6.00 via the 'file' parameter in downloader.php. It executes a base64-encoded command to read /etc/passwd, confirming RCE if 'root' is found in the output.

This repository contains a functional Nuclei template for CVE-2023-23333, which exploits an OS command injection vulnerability in SolarView Compact 6.00 via the downloader.php endpoint. The template sends a crafted HTTP request with a command injection payload and checks for execution by matching the output of the 'id' command.

The repository contains a functional command injection exploit for CVE-2023-23333 in SolarView Compact <=6.00. The PoC leverages the `downloader.php` file parameter to bypass restrictions and execute arbitrary commands via a base64-encoded payload.

The repository claims to provide an Nmap NSE script for exploiting CVE-2023-23333 but lacks actual code or technical details. It references an unrelated CVE (CVE-2022-29303) and provides no exploit logic, only generic usage instructions.

This Metasploit module exploits a command injection vulnerability in SolarView Compact v6.00 via the `downloader.php` endpoint, allowing unauthenticated remote code execution. It supports multiple payload types, including PHP, Unix commands, and Linux droppers, with techniques to hide payloads in PNG files.