POC details: 675ef553c8b2d17b76fc6c27e6a3048c981901ac

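Source
Related vulnerability
Title: WordPress plugin Backup and Staging by WP Time Capsule code issue vulnerability (CVE-2024-8856)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Backup and Staging by WP Time Capsule versions 1.22.21 and earlier contain a code issue vulnerability. The vulnerability stems from missing file type validation in the UploadHandler.php file and the absence of direct file access prevention, which leads to arbitrary file
Description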
This tool scans WordPress websites for vulnerabilities in the WP Time Capsule plugin related to CVE-2024-8856. It identifies plugin versions below 1.22.22 as vulnerable and logs results to vuln.txt. Simple and efficient, it helps security researchers and admins detect and address risks quickly.
Introduction
# CVE-2024-8856

<p>This tool scans WordPress websites for vulnerabilities in the <b>WP Time Capsule</b> plugin related to <b>CVE-2024-8856</b>. 
It identifies plugin versions below "1.22.22" as vulnerable and logs results to "vuln.txt". 
Simple and efficient, it helps security researchers and admins detect and address risks quickly.</p>

## Features
<ul dir="auto">
<li>Scans a list of URLs to detect vulnerabilities in the WP Time Capsule plugin related to CVE-2024-8856.</li>
<li>Identifies plugin versions below <strong>1.22.22</strong> as vulnerable (e.g., 1.22.21, 1.22.20).</li>
<li>Uses Python libraries such as "requests" to send HTTP requests and check for plugin versions.</li>
<li>Supports multithreading to speed up the scanning process across multiple sites simultaneously.</li>
<li>Displays scan results with the vulnerability status: vulnerable or not vulnerable based on the version.</li>
<li>Vulnerable sites that are found are saved to a result file ("vuln.txt").</li>
</ul>
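
The version test described above is easy to get wrong with plain string comparison, where "1.22.9" sorts after "1.22.22" and a vulnerable install is reported as patched. The following is an added example, not code from this repository: an offline check an administrator can run over the `Version:` header of the plugin's main PHP file on their own installs. The function names and the sample headers are constructed for illustration.

```python
import re

FIXED_VERSION = (1, 22, 22)  # versions below this are vulnerable, per the text above

# Constructed sample: header comment of the plugin's main PHP file.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Backup and Staging by WP Time Capsule
Version: 1.22.21
*/
"""

# Matches a "Version:" header line, allowing comment decoration before it.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)


def parse_version(header_text):
    """Return the header version as a tuple of ints, or None if absent."""
    match = _VERSION_RE.search(header_text)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version):
    """True if below the fixed release, False if not, None if unknown."""
    if version is None:
        return None
    width = max(len(version), len(FIXED_VERSION))

    def pad(v):
        # Pad with zeros so (1, 22) is compared as (1, 22, 0).
        return v + (0,) * (width - len(v))

    return pad(version) < pad(FIXED_VERSION)


def audit(inventory):
    """Map each install name to 'vulnerable', 'patched' or 'unknown'."""
    labels = {True: "vulnerable", False: "patched", None: "unknown"}
    return {name: labels[is_vulnerable(parse_version(text))]
            for name, text in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory: install name -> header text read from local disk.
    print(audit({"blog": SAMPLE_HEADER, "shop": "Version: 1.22.22", "old": "no header"}))
```

An "unknown" result means the header could not be read and the install needs a manual check; it is not evidence that the plugin is absent or patched.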


![Jenderal92 CVE-2024-8856](https://github.com/user-attachments/assets/39ae4cfb-fa89-4f8f-a80e-d7ec2534fce7)


## How To Run?
<ul dir="auto">
<li>Download and install Python from the official Python website: <a href="https://www.python.org">https://www.python.org</a>.</li>
<li>Install the required modules using the command: <code>pip install requests</code>.</li>
<li>Run the script with: <code>python file.py</code>.</li>
<li>Provide a list of sites (e.g., url.txt) as input.</li>
</ul>

## Disclaimer !!!

<p>I have written the disclaimer on the cover of Jenderal92. You can check it <a href="https://github.com/Jenderal92">HERE !!!</a></p>
File snapshot

[4.0K] /data/pocs/675ef553c8b2d17b76fc6c27e6a3048c981901ac
├── [2.0K] CVE-2024-8856.py
└── [1.9K] README.md

0 directories, 2 files