CVE-2023-33386

9.8 CRITICAL

📋 TL;DR

MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the admin attachment upload interface that allows attackers to upload malicious files to the server. This affects all systems running MarsCTF 1.2.1 with the vulnerable file upload functionality enabled. Attackers can potentially execute arbitrary code on the server.

💻 Affected Systems

Products:
  • MarsCTF
Versions: 1.2.1
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the background/admin attachment upload interface. Requires admin access or authentication bypass to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.

🟠 Likely Case: Webshell upload leading to server compromise, data theft, and potential pivot to internal systems.

🟢 If Mitigated: File upload blocked or sanitized, limiting impact to denial of service if upload attempts overwhelm the system.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials or authentication bypass. The vulnerability is in CTFFileServiceImpl.java line 46 where file upload validation is insufficient.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Implement file upload validation (all platforms)

Add server-side validation to restrict file types, check file signatures, and sanitize filenames.

Modify CTFFileServiceImpl.java to add proper file validation before processing uploads.
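One way to combine the three checks named above (type allow-list, signature check, filename handling), written as an added example and not taken from MarsCTF's code. The class name `UploadValidator`, the `store` method, the allowed types and the size limit are all assumptions chosen for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;

// Added example: hypothetical helper, not MarsCTF code.
public final class UploadValidator {
    // Assumed allow-list: extension -> magic bytes expected at the start of the file.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        "pdf", new byte[] {'%', 'P', 'D', 'F'},
        "zip", new byte[] {'P', 'K', 3, 4});
    private static final long MAX_BYTES = 10L * 1024 * 1024; // assumed size limit

    /** Validates the upload and writes it under uploadRoot with a server-chosen name. */
    public static Path store(String clientName, byte[] content, Path uploadRoot) throws IOException {
        if (clientName == null || content == null || content.length == 0 || content.length > MAX_BYTES)
            throw new IllegalArgumentException("empty or oversized upload");
        // Only the final extension is read; the client-supplied name never reaches the disk.
        int dot = clientName.lastIndexOf('.');
        String ext = dot < 0 ? "" : clientName.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = ALLOWED.get(ext);
        if (magic == null)
            throw new IllegalArgumentException("extension not allowed: " + ext);
        // Signature check: content must begin with the magic bytes of the claimed type.
        if (content.length < magic.length
                || !Arrays.equals(Arrays.copyOf(content, magic.length), magic))
            throw new IllegalArgumentException("content does not match ." + ext);
        // A server-generated name removes path traversal and double-extension tricks.
        Path root = uploadRoot.toAbsolutePath().normalize();
        Path target = root.resolve(UUID.randomUUID() + "." + ext).normalize();
        if (!target.startsWith(root))
            throw new IllegalArgumentException("target escapes upload directory");
        return Files.write(target, content, StandardOpenOption.CREATE_NEW);
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("uploads");
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A}; // constructed sample
        System.out.println("stored: " + store("logo.png", png, dir).getFileName());
        // Constructed rejects: disallowed type, spoofed extension, traversal in the name.
        String[] bad = {"notes.jsp", "image.png", "../../x.war"};
        for (String name : bad) {
            try {
                store(name, "not-a-png".getBytes(), dir);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + name + ": " + e.getMessage());
            }
        }
    }
}
```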

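Restrict upload directory permissions (Linux)

Set upload directory to read-only for web server and prevent execution of uploaded files.

chown root:root /path/to/upload/directory   # root-owned, so the web server account (www-data) cannot write here
chmod 755 /path/to/upload/directory         # others may list and read only
find /path/to/upload/directory -type f -exec chmod 644 {} +   # clear the execute bit on files already present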

🧯 If You Can't Patch

  • Disable the vulnerable file upload functionality entirely in the admin interface
  • Implement a web application firewall (WAF) with file upload protection rules

🔍 How to Verify

Check if Vulnerable:

Check if running MarsCTF version 1.2.1 and examine CTFFileServiceImpl.java line 46 for insufficient file validation.

Check Version:

Check application version in web interface or configuration files

Verify Fix Applied:

Test file upload functionality with malicious files to ensure they are rejected or properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to admin interface
  • Uploads of executable files (.php, .jsp, .war)
  • Multiple failed upload attempts

Network Indicators:

  • POST requests to file upload endpoints with suspicious filenames or content

SIEM Query:

source="web_server" AND (uri="/admin/upload" OR uri="/api/upload") AND (filename="*.php" OR filename="*.jsp" OR filename="*.war")
