Novel Exploit: Dolibarr Code Injection (CVE-2022-40871)

OS

2024.1.*
2020.3.*
2019.4.*

Apps

18.0.6.*
18.0.4.*
18.0.5.*
13.0.4.*
13.0.5.*
19.0.0.*
*.*
19.0.4.*
19.0.3.*
15.0.2.*

Summary

In this post, we uncover a novel (one-shot) exploit to pwn vulnerable Dolibarr ERP instances and get a reverse shell on the target machine. We will walk through how the exploit works and which steps are required to compromise the vulnerable target.

general

Description

@secatgourity
