POC详情: 87cf8e1fde78a426d3bcd4eb714b0c029bfd3156

来源
关联漏洞
标题: WordPress plugin Automatic 路径遍历漏洞 (CVE-2024-27954)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Automatic 3.92.0 版本及之前版本存在路径遍历漏洞,该漏洞源于存在路径遍历漏洞。
介绍
# CVE-2024-27954


# 📝 CVE-2024-27954 - Path Traversal & SSRF Vulnerability in WP Automatic Plugin

### Description
An **Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')** vulnerability exists in the WP Automatic plugin, allowing **Path Traversal** and **Server-Side Request Forgery (SSRF)** attacks. This issue affects WP Automatic versions up to **3.92.0**.

---

### 🔍 Detection Queries

To identify affected hosts, you can use the following queries:

- **FOFA:** `body="wp-content/plugins/wp-automatic" && header="HTTP/1.1 200 OK"`
- **ZoomEye:** `title:"wp-automatic" response.status_code:200`
- **Shodan:** `http.title:"wp-automatic" http.status:200`
- **Publicwww:** `"/wp-content/plugins/wp-automatic"`

---

### ⬇️ Installation

Clone the repository:

```bash
git clone https://github.com/Quantum-Hacker/CVE-2024-27954.git
cd CVE-2024-27954

Nuclei Usage:
Use Nuclei with the provided template:
nuclei -t wprce.yaml --target http://example.com or -l WPUrls.txt


⚠️ Disclaimer
This tool is intended for authorized security testing and educational purposes only. Unauthorized use against systems is strictly prohibited.

📄 License
This tool is licensed under the MIT License.
文件快照

[4.0K] /data/pocs/87cf8e1fde78a426d3bcd4eb714b0c029bfd3156 ├── [1.2K] README.md └── [ 661] wprce.yaml 0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。