CVE-2023-46818

This repository contains a functional Python exploit for CVE-2023-46818, a PHP code injection vulnerability in ISPConfig <= 3.2.11. The exploit authenticates, injects a PHP shell via the 'records' parameter in language_edit.php, and provides an interactive shell.

This Python exploit targets CVE-2023-46818 in ISPConfig, leveraging improper sanitization of the 'records' POST parameter in '/admin/language_edit.php' to inject and execute arbitrary PHP code. It authenticates as an admin, fetches CSRF tokens, injects a shell payload, and provides an interactive shell.

The repository contains a functional Python exploit for CVE-2023-46818, which targets a PHP code injection vulnerability in ISPConfig's language file editor. The exploit authenticates as an admin, injects a malicious PHP shell, and provides an interactive shell for command execution.

This repository contains a functional exploit for CVE-2023-46818, targeting a PHP code injection vulnerability in ISPConfig 3.2.11 and earlier. The exploit automates login, CSRF token extraction, payload injection via the language_edit.php file, and provides an interactive web shell for remote command execution.

This repository contains a functional exploit for CVE-2023-46818, an authenticated PHP code injection vulnerability in ISPConfig. The exploit leverages unsanitized input in the `records[]` parameter of the `/admin/language_edit.php` endpoint to inject arbitrary PHP code, leading to remote code execution.

This repository contains a functional exploit for CVE-2023-46818, an authenticated PHP code injection vulnerability in ISPConfig. The exploit leverages unsanitized input in the `records[]` parameter of the `/admin/language_edit.php` endpoint to inject arbitrary PHP code, leading to remote code execution.

This repository contains a functional exploit for CVE-2023-46818, an authenticated PHP code injection vulnerability in ISPConfig versions <= 3.2.11. The exploit leverages improper input validation in the /admin/language_edit.php endpoint to inject a PHP shell, enabling remote command execution.

This Python exploit targets CVE-2022-42092, an unrestricted file upload vulnerability in Backdrop CMS, allowing authenticated attackers to upload a malicious module and achieve remote code execution via a reverse shell.

This Python script exploits an authenticated arbitrary PHP code injection vulnerability in ISPConfig's language_edit.php via unsanitized 'records' POST parameter. It logs in, fetches CSRF tokens, injects a base64-encoded PHP shell, and provides interactive command execution.

This repository contains a functional Python exploit for CVE-2023-46818, which leverages a file write vulnerability to upload a PHP webshell. The exploit authenticates, injects malicious code via a language file, and provides a semi-interactive shell.

This repository contains a functional Metasploit module for CVE-2023-46818, which exploits a PHP code injection vulnerability in ISPConfig's language file editor. The exploit authenticates as an admin, injects a PHP shell via the language_edit.php endpoint, and executes commands or triggers a Meterpreter payload.

This repository contains a functional exploit for CVE-2023-46818, an authenticated PHP code injection vulnerability in ISPConfig <= 3.2.11. The exploit leverages unsanitized input in the `records[]` parameter of `/admin/language_edit.php` to deploy a web shell, enabling remote command execution.

This Metasploit module exploits a PHP code injection vulnerability in ISPConfig's language_edit.php file, allowing authenticated administrators to inject arbitrary PHP code via the language editor interface. It automates the process of enabling the required permission if disabled and injects a base64-encoded payload.