CVE-2023-30258

This exploit demonstrates a command injection vulnerability in MagnusSolution magnusbilling 7.3.0 via the 'democ' parameter in icepay.php. The PoC injects the 'id' command to verify arbitrary command execution.

This is a detailed walkthrough of exploiting CVE-2023-30258 in MagnusBilling, demonstrating unauthenticated RCE via Metasploit and privilege escalation via fail2ban misconfiguration. It includes step-by-step enumeration, exploitation, and post-exploitation techniques.

This Python script automates the exploitation of a command injection vulnerability in Magnus Billing System v7 via the `democ` parameter in `icepay.php`, establishing a reverse shell using a FIFO-based payload with `netcat`.

This repository contains a functional exploit for CVE-2023-30258, a remote code execution vulnerability in Magnus Billing 7.3.0. The exploit leverages command injection via the 'democ' parameter in the 'icepay.php' resource, allowing arbitrary command execution through command chaining with semicolons.

This PoC exploits CVE-2023-30258, a command injection vulnerability in the 'democ' parameter of the icepay.php file in mbilling software. It sends a crafted HTTP request with a command to execute, using a sleep-based technique to verify successful execution.

This is a functional exploit PoC for CVE-2023-30258, targeting a command injection vulnerability in icepay.php. It includes a URL encoding function and a test to verify vulnerability before executing arbitrary commands.

This repository contains a detailed technical writeup of the exploitation process for CVE-2023-30258, including reconnaissance, vulnerability identification, exploitation using Metasploit, and privilege escalation via fail2ban misconfiguration. It provides a step-by-step walkthrough with screenshots and commands used.

This repository contains a functional Python exploit for CVE-2023-30258, demonstrating unauthenticated command injection in Magnus Billing v7 via the `democ` parameter in `icepay.php`. The exploit includes an interactive shell that redirects command output to a file in the webroot and fetches it back over HTTP.

This repository contains a README file referencing CVE-2023-30258, a Remote Code Execution vulnerability in the Tryhackme Billing CTF machine. No actual exploit code is provided.

This exploit targets a command injection vulnerability in Magnus Billing System v7 via the icepay.php endpoint. It crafts a reverse shell payload using netcat and sends it as a GET parameter to achieve remote code execution.

This PoC exploits a command injection vulnerability in the 'democ' parameter of icepay.php, triggering a reverse shell via a crafted payload. The exploit uses a FIFO pipe to establish a persistent connection to the attacker's listener.

This repository contains a setup script for MagnusBilling, a VoIP system, which is vulnerable to CVE-2023-30258. The script automates the installation and configuration of MagnusBilling, including dependencies like Asterisk and MariaDB.

This Metasploit module exploits a command injection vulnerability in MagnusBilling (CVE-2023-30258) via the `democ` parameter in `icepay.php`. It supports multiple payload types including PHP, Unix commands, and Linux droppers for remote code execution.