POC details: 625a42d223a6f4e9cff7b301f32667e4cb7033dc

Source
Related vulnerability
Title: WordPress plugin PZ Frontend Manager security vulnerability (CVE-2024-6244)
Description: WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP that lets users host a personal blog on a server running PHP and MySQL; a WordPress plugin is an application plugin for it. Versions of the WordPress plugin PZ Frontend Manager before 1.0.6 contain a security vulnerability: some actions are not protected by cross-site request forgery checks, which may allow an attacker to make a logged-in user perform unintended actions via a cross-site request forgery attack.
Description
pz-frontend-manager < 1.0.6 - CSRF Profile Picture Exploit
Introduction
# 🚀 pz-frontend-manager <= 1.0.5 - CSRF Profile Picture Exploit

## 🛠️ Description
This script exploits a **CSRF vulnerability** in the WordPress plugin **pz-frontend-manager** (versions <= **1.0.5**) to change the profile picture of a logged-in user without their consent.

🔴 **CVE-2024-6244**

The plugin lacks proper **CSRF protection**, allowing attackers to force authenticated users into performing unintended actions via crafted requests.

## 🕵️‍♂️ How It Works
1. **Checks for Vulnerability:** The script fetches `readme.txt` to determine if the target site is running a vulnerable version (`< 1.0.6`).
2. **Encodes the Image:** The provided image is converted to **Base64**.
3. **Logs in as the User:** Uses provided credentials to establish a session.
4. **Sends CSRF Exploit Request:** Uploads the profile picture by making a forged request to `admin-ajax.php`.
5. **Uploads Images & Extracts Path:** The script also uploads the image and extracts its stored path from the response.
6. **Displays the Image URL:** If successful, the script outputs the new profile picture URL.
7. **Uploaded Images Path:** Uploaded images, in any of the supported formats, land under:
   ```
   /wp-content/uploads/2025/02/
   ```

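The forged `admin-ajax.php` request described above only works because the handler never verifies a nonce. The following hardened handler is an added, illustrative example written for this page, not the plugin's own code: the action name `pzfm_example_set_avatar`, the nonce action `pzfm_example_avatar`, the `security` request field and the user-meta key are assumptions, and it accepts the same kind of Base64-encoded image the script sends.

```php
<?php
/*
 * Hardened admin-ajax handler for a Base64-encoded profile picture upload.
 * Illustrative code, not the plugin's own; the action name 'pzfm_example_set_avatar',
 * the nonce action 'pzfm_example_avatar' and the meta key are assumptions.
 */

// Hand the logged-in user a nonce together with the page that renders the upload form.
function pzfm_example_localize() {
    wp_localize_script( 'pzfm-example-js', 'pzfmExample', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'pzfm_example_avatar' ),
    ) );
}
add_action( 'wp_enqueue_scripts', 'pzfm_example_localize' );

// Register only the authenticated hook: no wp_ajax_nopriv_ variant for this action.
add_action( 'wp_ajax_pzfm_example_set_avatar', 'pzfm_example_set_avatar' );

function pzfm_example_set_avatar() {
    // The check the vulnerable versions lacked: a forged cross-site request cannot carry
    // a valid nonce, so WordPress ends the request here with a -1 / 403 response.
    check_ajax_referer( 'pzfm_example_avatar', 'security' );

    // Bind the action to the caller's own capabilities ('read' is the baseline every role has).
    if ( ! current_user_can( 'read' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Decode strictly and verify the bytes really are an image before touching the filesystem.
    $bytes   = base64_decode( wp_unslash( $_POST['image'] ?? '' ), true );
    $info    = ( false !== $bytes ) ? @getimagesizefromstring( $bytes ) : false;
    $allowed = array( 'image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif' );
    if ( false === $info || ! isset( $allowed[ $info['mime'] ] ) ) {
        wp_send_json_error( 'not a supported image', 415 );
    }

    // Store under the uploads directory with a server-chosen name and an extension derived
    // from the detected MIME type, never from a client-supplied file name.
    $name = 'avatar-' . get_current_user_id() . '.' . $allowed[ $info['mime'] ];
    $file = wp_upload_bits( $name, null, $bytes );
    if ( ! empty( $file['error'] ) ) {
        wp_send_json_error( $file['error'], 500 );
    }

    // Only the current user's own avatar changes; a user id from the request is never trusted.
    update_user_meta( get_current_user_id(), 'pzfm_example_avatar_url', esc_url_raw( $file['url'] ) );
    wp_send_json_success( array( 'url' => $file['url'] ) );
}
```

The nonce is the piece a cross-site page cannot obtain, so `check_ajax_referer()` is what turns the forged request into a rejected one; the capability and image checks are defence in depth.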
## 📌 Features
- Supports multiple image formats (**PNG, JPG, JPEG, GIF**).
- Automatically detects if the target site is vulnerable.
- Provides a detailed request response.
- Simple and easy to use.

## ⚡ Usage
```bash
python3 CVE-2024-6244.py -u <TARGET_URL> -U <USERNAME> -p <PASSWORD> -i <IMAGE_FILE>
```
```
usage: p.py [-h] --url URL --username USERNAME --password PASSWORD [--image IMAGE]

pz-frontend-manager <= 1.0.5 - CSRF change user profile picture

options:
  -h, --help            show this help message and exit
  --url URL, -u URL     Base URL of the WordPress site
  --username USERNAME, -U USERNAME
                        Username for login
  --password PASSWORD, -p PASSWORD
                        Password for login
  --image IMAGE, -i IMAGE
                        Image file name (default: Nxploit.jpg)
```

### 🔹 Example
```bash
python3 CVE-2024-6244.py -u "https://victim-site.com" -U "admin" -p "password123" -i "new_avatar.png"
```

## 📥 Requirements
- Python 3.x
- `requests` module (`pip install requests`)

## 🚨 Disclaimer
This script is for **educational and security research purposes only**. Unauthorized exploitation of websites without permission is **illegal** and may lead to severe consequences.

---


File snapshot

[4.0K] /data/pocs/625a42d223a6f4e9cff7b301f32667e4cb7033dc
├── [3.7K] CVE-2024-6244.py
├── [ 36K] Nxploit.jpg
└── [2.4K] README.md
0 directories, 3 files
Shenlong bot has cached this for you
Notes
    1. Please prefer accessing the original source.
    2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.