CVE-2023-34960

This PoC exploits CVE-2023-34960, a command injection vulnerability in Chamilo's SOAP web service. It crafts a malicious SOAP request to execute arbitrary commands via the `file_name` parameter.

This is a functional exploit for CVE-2023-34960, targeting an unauthenticated command injection vulnerability in Chamilo LMS. The exploit crafts a malicious SOAP request to execute arbitrary commands via the `file_name` parameter in the `wsConvertPpt` endpoint.

This repository contains a Python-based exploit for CVE-2023-34960, a command injection vulnerability in Chamilo. The exploit automates the detection and exploitation of the vulnerability by sending a malicious SOAP request to upload a web shell (wso.php).

This is a Python 2.7 exploit for CVE-2023-34960, targeting Chamilo LMS. It leverages a SOAP-based command injection vulnerability to achieve remote code execution (RCE) and uploads a PHP shell.

This repository contains a functional exploit for CVE-2023-34960, a command injection vulnerability in Chamilo LMS. The PoC leverages a SOAP API endpoint to execute arbitrary commands via crafted XML payloads.

This repository contains a functional exploit for CVE-2023-34960, a command injection vulnerability in Chamilo. The exploit leverages a crafted SOAP request to execute arbitrary commands, including downloading and uploading a shell (anon.php).

The repository contains a functional exploit for CVE-2023-34960, a mass unauthenticated command injection vulnerability in Chamilo. The exploit is obfuscated using base85 encoding and zlib compression, which is a common technique to bypass simple detection mechanisms.

The repository contains only a README.md file describing CVE-2023-34960, an RCE vulnerability in Chamilo's SOAP API. No exploit code or technical details are provided.

This repository contains a Python-based exploit for CVE-2023-34960, a mass unauthenticated command injection vulnerability in Chamilo. The exploit is obfuscated using base85 and zlib decompression, while the hunt.py script is a scanner for finding vulnerable Chamilo instances using the Hunter.how API.

This repository contains a Python-based exploit for CVE-2023-34960, targeting a command injection vulnerability in Chamilo LMS. The exploit crafts a malicious SOAP request to execute arbitrary commands via the `file_name` parameter in the `wsConvertPpt` endpoint.

This repository contains a functional exploit for CVE-2023-34960, a command injection vulnerability in Chamilo LMS. The exploit crafts a malicious SOAP request to execute arbitrary commands via the `file_name` parameter in the `wsConvertPpt` endpoint.

This Metasploit module exploits an unauthenticated remote command execution vulnerability in Chamilo (CVE-2023-34960) via a malicious SOAP request to the `/main/webservices/additional_webservices.php` endpoint. It supports multiple payload types including PHP, Unix commands, and Linux droppers.