CVE-2023-40028

This exploit leverages a symlink traversal vulnerability in Ghost CMS versions prior to 5.59.1, allowing authenticated users to upload a crafted ZIP file containing a symlink to arbitrary files on the host system, enabling arbitrary file read.

This repository contains a functional exploit for CVE-2023-40028, which allows authenticated users to upload symlinks in Ghost CMS versions before 5.59.1, leading to arbitrary file read vulnerabilities. The exploit automates the process of creating a symlink, uploading it via the Ghost API, and retrieving the targeted file.

This repository contains a functional exploit for CVE-2023-40028, an arbitrary file read vulnerability in Ghost CMS 5.58. The exploit automates login, crafts a malicious ZIP payload with a symlink, and leverages the Ghost CMS import functionality to read sensitive files.

This repository contains a functional exploit for CVE-2023-40028, an arbitrary file read vulnerability in Ghost CMS versions < 5.59.1. The exploit leverages symlink functionality within a ZIP file to bypass import restrictions and read sensitive files from the server.

This repository contains a functional exploit for CVE-2023-40028, a symlink upload vulnerability in Ghost CMS leading to arbitrary file read. The exploit authenticates with the target, uploads a symlink via a crafted ZIP file, and retrieves the content of sensitive files.

This repository contains a functional Python exploit for CVE-2023-40028, which allows authenticated users to upload symlinks in Ghost CMS (versions < 5.59.1) to achieve arbitrary file read. The exploit automates the process of creating a malicious ZIP archive with a symlink, uploading it, and retrieving the targeted file contents.

This exploit leverages a path traversal vulnerability in Ghost CMS's zip file upload functionality to read arbitrary files on the server. It authenticates as an admin, uploads a malicious zip file with a crafted path, and retrieves the target file's contents.

This repository contains a functional exploit for CVE-2023-40028, which allows authenticated users to perform arbitrary file reads in Ghost CMS versions prior to 5.59.1 by uploading symlinks disguised as images. The exploit automates the process of creating a symlink, packaging it into a ZIP file, uploading it via the Ghost API, and retrieving the target file's contents.

This repository contains a functional PoC exploit for CVE-2023-40028, demonstrating how an authenticated attacker can upload a symlink via a crafted ZIP file to achieve Local File Inclusion (LFI) in Ghost CMS versions prior to 5.59.1. The exploit automates the process of creating a symlink, uploading it, and retrieving the contents of a target file (e.g., /etc/passwd).

This repository contains a functional exploit for CVE-2023-40028, which leverages symbolic link abuse in Ghost CMS to achieve arbitrary file read. The exploit automates the creation of a symlink, compression into a ZIP file, and upload via the Ghost API to read files through an accessible image URL.

This repository contains a functional Python exploit for CVE-2023-40028, which leverages improper file handling in Ghost CMS to achieve arbitrary file reads via symlink manipulation and ZIP uploads. The PoC authenticates with the target, uploads a crafted ZIP containing a symlink, and retrieves the linked file's contents.