CVE-2023-26469

The repository contains a functional exploit script for CVE-2023-26469, which leverages a path traversal vulnerability in Jorani 1.0.0 to upload a malicious PHP shell for remote code execution. The PoC demonstrates the vulnerability by sending a crafted multipart/form-data request to upload a shell.

This repository contains a functional exploit for CVE-2023-26469, targeting Jorani 1.0.0. The exploit combines path traversal and log injection to achieve remote code execution by injecting malicious PHP code into log files and accessing them via traversal.

This Metasploit module exploits an unauthenticated RCE in Jorani < 1.0.2 by chaining log poisoning, header spoofing, and path traversal to execute arbitrary PHP code. It leverages a CSRF token bypass and log file inclusion to trigger the payload.