{"payload":{"allShortcutsEnabled":false,"fileTree":{"":{"items":[{"name":"CVE-2023-43187","path":"CVE-2023-43187","contentType":"file"},{"name":"README.md","path":"README.md","contentType":"file"}],"totalCount":2}},"fileTreeProcessingTime":1.4857449999999999,"foldersToFetch":[],"reducedMotionEnabled":null,"repo":{"id":696636046,"defaultBranch":"main","name":"CVE","ownerLogin":"jagat-singh-chaudhary","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2023-09-26T06:31:46.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/126696595?v=4","public":true,"private":false,"isOrgOwned":false},"symbolsExpanded":false,"treeExpanded":true,"refInfo":{"name":"main","listCacheKey":"v0:1695709907.285404","canEdit":false,"refType":"branch","currentOid":"0ddb3e4bed627d104e02e2b63f294d8df041bd9f"},"path":"CVE-2023-43187","currentUser":null,"blob":{"rawLines":["","#######################################################################################################################","# Exploit Title: Remote Code Injection Vulnerability in nodebb.org","# Date: 12.08.2023","# Category: Web Application","# Exploit Author: Jagat Singh","# Tested on: Windows/Kali","# CVE: CVE-2023-43187","","","Description:","--------------","","The URL https://nodebb.org/xmlrpc.php is an endpoint for the XML-RPC protocol, which allows communication between WordPress and other systems. However, this URL is vulnerable to a remote code injection vulnerability, which allows an attacker to execute arbitrary PHP code on the server. This vulnerability affects Pear XML_RPC version 1.3.0 and earlier and PHP XMLRPC version 1.1 and earlier. 
The vulnerability occurs because the XML parser passes the data in XML elements to PHP eval() function without sanitizing the user input.","","Payload","--------","","",""," system.listMethods"," "," "," "," "," ","","","#############################################################################################################################","","Reproduction Steps:","","1.