module
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Disclosed | Created |
---|---|
2023-11-28 | 2024-12-04 |
Description
Chamilo LMS is a free software e-learning and content management system. In versions prior to a webshell can be uploaded via the bigload.php endpoint. If the GET request parameter `action` is set to `post-unsupported`, file extension checks are skipped, allowing attacker-controlled .php files to be uploaded to `/main/inc/lib/javascript/bigupload/files/`, provided the `/files/` directory already exists. It does not exist by default.
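For defenders, the behaviour described above leaves two traces in web server access logs: requests carrying `action=post-unsupported` and requests for `.php` files under the `files/` directory. The following is an added detection example, not part of the module or of Chamilo; it assumes the combined log format and that the upload handler is served from under the `bigupload/` directory, and `HANDLER.php` in the constructed sample lines is a placeholder name.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Upload directory named in the description above.
UPLOAD_DIR = "/main/inc/lib/javascript/bigupload/files/"
# Assumption: the upload handler is served from somewhere under this directory.
PLUGIN_DIR = "/main/inc/lib/javascript/bigupload/"

# Assumption: Apache/nginx combined log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify(line):
    """Return (client_ip, finding) for a suspicious log line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Decode %xx and lowercase so encoding or case tricks do not hide the path.
    path = unquote(url.path).lower()
    actions = parse_qs(url.query).get("action", [])
    if path.startswith(PLUGIN_DIR) and "post-unsupported" in actions:
        return m["ip"], "extension-check-bypass-request"
    # Any .php under files/ is abnormal: the directory is absent by default.
    if path.startswith(UPLOAD_DIR) and ".php" in path[len(UPLOAD_DIR):]:
        served = m["status"] == "200"
        return m["ip"], "uploaded-php-served" if served else "uploaded-php-probed"
    return None


def scan(lines):
    """Classify every line and keep only the findings, in log order."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample lines (documentation IPs; HANDLER.php is a placeholder name).
_TS = "[04/Dec/2024:10:00:00 +0000]"
SAMPLE = [
    f'198.51.100.7 - - {_TS} "POST {PLUGIN_DIR}HANDLER.php?action=post-unsupported HTTP/1.1" 200 41',
    f'198.51.100.7 - - {_TS} "GET {UPLOAD_DIR}sample.php HTTP/1.1" 200 12',
    f'203.0.113.9 - - {_TS} "GET {UPLOAD_DIR}sample%2Ephp HTTP/1.1" 404 153',
    f'203.0.113.9 - - {_TS} "GET {UPLOAD_DIR}notes.txt HTTP/1.1" 200 88',
    f'192.0.2.44 - - {_TS} "GET /index.php HTTP/1.1" 200 5120',
]
```

A `uploaded-php-served` finding means a PHP file in the upload directory answered with HTTP 200 and should be treated as a likely compromise; checking whether the `files/` directory exists on disk at all is a quick complementary test.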
Authors
Ngo Wei Lin
jheysel-r7
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
