Eli Serra mano8

This Gist provides a Proof-of-Concept (POC) for CVE-2023-41892, a Craft CMS vulnerability that allows Remote Code Execution (RCE).

Overview

CVE-2023-41892 is a security vulnerability discovered in Craft CMS, a popular content management system. Craft CMS versions affected by this vulnerability allow attackers to execute arbitrary code remotely, potentially compromising the security and integrity of the application.

POC

This POC is depending on writing webshell, so finding a suitable folder with writable permission is necessary.

Emoncms installlation (debian11/nginx)

Above is the nginx configuration to run emoncms on debian 11 with php7.4.

Prepare emoncms installation

Create the above paths needed from emoncms :

 # sudo mkdir /var/opt/emoncms/
 # sudo mkdir /var/opt/emoncms/phptimeseries/
 # sudo mkdir /var/opt/emoncms/phpfina/

Installation guide for debian server running vemonitor.

For this, i use an old asus eee pc 1000H laptop, see here for more info.

Install of debian 11

Downlad debian from debian.org the latest stable version for 32 bits systems. Use balenaEtcher to create a bootable usb. To boot from external media you have to press Esc during the BIOS boot splash screen and select the right installation medium. Complete the installation and upgrade the system : Pass to root user : $ su -

This file shows how to use the geoConicConformalSpain projection from d3-composite-projections.

To change the file, edit draw.js and run

browserify draw.js| uglifyjs > bundle.js

The dependencies are installed with:

npm install d3-composite-projections d3-geo d3-request d3-selection d3-transition topojson

	#WP block - see https://fr.wordpress.org/support/article/htaccess/
	RewriteEngine On
	RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
	RewriteBase /
	RewriteRule ^index\.php$ - [L]

	# ajouter un slash après /wp-admin
	RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

	RewriteCond %{REQUEST_FILENAME} -f [OR]