A new exploit module, known as the BoidCMS Command Injection, has been created to take advantage of a vulnerability identified as CVE-2023-38836. This vulnerability resides in BoidCMS version 2.0.0 and earlier versions. Exploiting this bug allows authenticated users to upload a PHP file masquerading as media with a GIF header, even if the actual file is a PHP script.

The module was developed by a duo consisting of ‘1337kid’ who made the initial discovery and ‘bwatters-r7’ who crafted the Metasploit module. The primary goal of this module is to execute unauthorized commands on the target system by leveraging the security loophole in BoidCMS.

When operating, the module interacts with the target system through HTTP requests. It features functionality to automatically check the target system, extract required tokens for authentication, perform a login action, upload manipulated PHP files, and finally execute payloads on the target system.

To start the exploitation process, the module first attempts to check the version of BoidCMS installed on the target. If successful, it proceeds to extract the necessary authentication token for accessing the CMS. This token is crucial for simulating a login action to gain access to the system.

Once authenticated, the exploit module then uploads a PHP file with malicious code by camouflaging it as a GIF file. This upload process is essential for executing unauthorized commands on the compromised system. If the upload is successful, the module registers the uploaded PHP file for cleanup after executing the payload.

Upon successful upload, the module proceeds to launch the payload, enabling the attacker to execute arbitrary commands on the target system. The payload can be customized to facilitate various malicious activities, such as data exfiltration, system manipulation, or privilege escalation.

The module is designed to be versatile, with targets tailored for both Unix-based systems and Windows platforms. Depending on the target system, the module adapts the payload and upload procedures for optimal exploitation.

Security researchers recommend that system administrators and users of BoidCMS take prompt action to update their systems to mitigate the risk posed by this vulnerability. Regular security updates and patches should be applied to ensure the safety and integrity of the system.

In conclusion, the emergence of the BoidCMS Command Injection exploit module highlights the importance of maintaining robust cybersecurity practices and staying vigilant against potential security threats. By proactively addressing vulnerabilities and keeping systems up-to-date, organizations can enhance their defense mechanisms and safeguard against intrusive attacks.

Source link