Related vulnerability
Description
GitHub repository for CVE-2023-3460 POC
Introduction
# CVE-2023-3460
Exploit for CVE-2023-3460: unauthorized admin access in the Ultimate Member plugin. Made with Golang.
```
╔══════════════════════════════════════════════════╗ ╔══════════════════════════════════════════════════╗
║ DISCLAIMER ║ ║ ABOUT THE PROJECT ║
║ ║ ║ ║
║ This Proof of Concept (PoC) has been developed ║ ║ I had problems in some cases with this exploit. ║
║ for educational and research purposes only. ║ ║ Things like this must happen since it's a dev ║
║ Its intention is to explore potential security ║ ║ version. Project intended to increase the scope ║
║ vulnerabilities and raise awareness about them. ║ ║ of the exploit, and not need to open BurpSuite ║
║ ║ ║ and test by hand everytime you find a Wordpress ║
║ USAGE DISCLAIMER: ║ ║ WebApp. Improvements are on the way, and I ║
║ Any use of this PoC on systems or websites you ║ ║ promise I won't leave the dirty code as it is ║
║ do not have explicit authorization for may ║ ║ (I think). ║
║ violate ethical standards and legal regulations. ║ ║ ║
║ ║ ║ UPCOMING FEATURES: ║
║ USAGE AT YOUR OWN RISK: ║ ║ - Scanning functionality to identify exposed ║
║ Using this PoC on unauthorized systems or ║ ║ systems ║
║ websites may lead to legal consequences. Always ║ ║ - Improved nonce search for various registration ║
║ obtain proper authorization before testing. ║ ║ patterns ║
║ ║ ║ - Customizable admin creation options (Like set ║
║ The creator of this PoC are not responsible ║ ║ parameters that registration require) ║
║ for any misuse or damage caused by its usage. ║ ║ ║
║ ║ ║ ║
║ [ Version 0.1 ] ║ ║ [ By BlackReaperSK ] ║
╚══════════════════════════════════════════════════╝ ╚══════════════════════════════════════════════════╝
```
File snapshot
[4.0K] /data/pocs/7f74f600d503796f9eaa91b53a8ebf1b5a0b3132
├── [3.0K] CVE-2023-3460.go
├── [ 243] go.mod
├── [1020] go.sum
├── [1.0K] LICENSE
└── [3.1K] README.md
0 directories, 5 files