Related vulnerability
Description
Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation. This issue affects Wp NssUser Register: from n/a through 1.0.0.
Introduction
# CVE-2024-54363-Exploit
# Description
The `nssTheme Wp NssUser Register` plugin for WordPress is vulnerable to an **Incorrect Privilege Assignment** issue, leading to **Privilege Escalation**. This vulnerability allows an attacker to register a new user with administrative privileges without proper authorization. The issue affects plugin versions up to **1.0.0**.
## Exploit Details
- **Affected Plugin**: `Wp NssUser Register`
- **Affected Versions**: Up to version `1.0.0`
- **Vulnerability Type**: Privilege Escalation
- **Requirements**: Access to the `/wp-admin/admin-ajax.php` endpoint with registration enabled.
### Install the required packages
```
pip install -r requirements.txt
```
## Usage
```
usage: CVE-2024-54363.py [-h] -u URL

Wp NssUser Register <= 1.0.0 - Unauthenticated Privilege Escalation

options:
  -h, --help         show this help message and exit
  -u URL, --url URL  Base URL of the WordPress site
```
### Expected Output
```
The site http://target-wordpress-site.com is vulnerable. Exploitation in progress...
Exploitation successful!
Username: nxploit123
Password: nxploit
```
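For site owners checking whether this issue was used against them, the following is an added example, not part of the original repository. It reviews the administrator list exported with WP-CLI (`wp user list --role=administrator --fields=user_login,user_registered --format=json`) and flags the PoC's default username as well as any administrator that is not on an approved list. The function name, the approved list, the plugin activation date and the sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime

# Default account name shown in the PoC's expected output on this page.
POC_DEFAULT_LOGIN = "nxploit123"

def flag_admins(wp_cli_json, approved, plugin_active_since):
    """Return (login, reason) pairs for administrator accounts that need review.

    wp_cli_json         -- JSON text from `wp user list --role=administrator ...`
    approved            -- set of administrator logins the owner expects (assumption)
    plugin_active_since -- datetime the affected plugin was activated (assumption)
    """
    findings = []
    for row in json.loads(wp_cli_json):
        login = row["user_login"]
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if login.lower() == POC_DEFAULT_LOGIN:
            findings.append((login, "matches PoC default username"))
        elif login in approved:
            continue
        elif registered >= plugin_active_since:
            # Renamed accounts are still caught here: the role, not the name, is the signal.
            findings.append((login, "unapproved admin created while plugin was active"))
        else:
            findings.append((login, "administrator not on approved list"))
    return findings

# Constructed sample data, not taken from a real site.
SAMPLE = json.dumps([
    {"user_login": "siteowner", "user_registered": "2023-03-01 09:00:00"},
    {"user_login": "nxploit123", "user_registered": "2024-12-20 10:15:42"},
    {"user_login": "helpdesk7", "user_registered": "2024-12-21 02:03:04"},
    {"user_login": "oldadmin", "user_registered": "2022-01-05 12:00:00"},
])
APPROVED = {"siteowner"}
PLUGIN_ACTIVE_SINCE = datetime(2024, 6, 1)

if __name__ == "__main__":
    for login, reason in flag_admins(SAMPLE, APPROVED, PLUGIN_ACTIVE_SINCE):
        print(f"REVIEW {login}: {reason}")
```

The username check alone is weak because the account name is trivially changed; the approved-list comparison is the part that holds up.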
### Disclaimer
This script is provided for educational purposes only. The author is not responsible for any damages caused by the misuse of this script.
File snapshot
[4.0K] /data/pocs/0b0541ae61068cf1881ce2c65ee57df4832b5880
├── [3.2K] CVE-2024-54363.py
└── [1.4K] README.md
0 directories, 2 files