CVE-2023-45158

CRITICAL LAB

web2py < 2.24.1 - OS Command Injection via notifySendHandler Logging

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-45158. PoCs published by yifanzhg.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-45158, demonstrating command injection via a crafted URL parameter in web2py. The README provides clear steps and examples for executing arbitrary commands, including a reverse shell.

Description

An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product.

Exploits (2)

nomisec WORKING POC 4 stars

by yifanzhg · poc

https://github.com/yifanzhg/CVE-2023-45158

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-45158, demonstrating command injection via a crafted URL parameter in web2py. The README provides clear steps and examples for executing arbitrary commands, including a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: web2py (version not explicitly specified)

No auth needed

Prerequisites: Access to the web2py server · Network connectivity to the target

MITRE ATT&CK