CVE-2023-30253

This is a functional exploit for CVE-2023-30253, targeting Dolibarr <= 17.0.0. It achieves remote code execution by injecting PHP code into a website page via authenticated API calls, resulting in a reverse shell.

This repository contains a working exploit for CVE-2023-30253, a remote code execution vulnerability in Dolibarr 17.0.0. The exploit leverages an uppercase manipulation technique to bypass PHP code injection filters, allowing authenticated users to execute arbitrary commands.

This PoC exploits CVE-2023-30253, an authenticated RCE vulnerability in Dolibarr ERP/CRM. It automates login, website/page creation, and payload injection via a malicious PHP section to execute system commands.

This PoC exploits CVE-2023-30253 in Dolibarr 17.0.0 by injecting PHP code into a website page via the CMS Website plugin, bypassing restrictions to achieve remote command execution. It authenticates, creates a site/page, injects a reverse shell payload, and triggers execution.

This repository contains a functional exploit for CVE-2023-30253, an authenticated RCE vulnerability in Dolibarr ERP/CRM. The exploit bypasses PHP code sanitation by using mixed-case variations (e.g., 'PHP' or 'pHp') and provides multiple payload options including reverse shells and custom commands.

This is a functional exploit for CVE-2023-30253, targeting Dolibarr <= 17.0.0. It achieves remote code execution by injecting a PHP reverse shell into a dynamically created website page after authenticating as a valid user.

This exploit targets CVE-2023-30253, a PHP code injection vulnerability in Dolibarr 17.0.0. It authenticates with default credentials, creates a site and page, injects malicious PHP code, and triggers execution to achieve remote command execution via a reverse shell.

This PoC exploits an authenticated RCE vulnerability in Dolibarr CMS by creating a malicious website page with embedded PHP code that executes a base64-encoded reverse shell payload. It automates login, website/page creation, and payload delivery.