漏洞平台

POC详情： 8de269bafcd04c12a0e30c94e080a1d34ba16365

来源

https://github.com/Nxploited/CVE-2024-9707-Poc

关联漏洞

标题： WordPress plugin Hunk Companion 安全漏洞 (CVE-2024-9707)
描述：WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Hunk Companion 1.8.4版本及之前版本存在安全漏洞，该漏洞源于缺少对 /wp-json/hc/v1/themehunk-import REST API 端点的功能检查。攻击者利用该漏洞可以远程执行代码。

描述

he Hunk Companion Plugin for WordPress: Vulnerable to Unauthorized Plugin Installation/Activation (Versions Up to and Including 1.8.4)

介绍

# CVE-2024-9707-Poc 🌐
# Description
This script exploits the vulnerability in the WordPress Hunk Companion plugin (CVE-2024-9707), allowing unauthorized attackers to install and activate arbitrary plugins via the /wp-json/hc/v1/themehunk-import REST API endpoint.

## Features
| **Feature**                | **Description**                                              |
|----------------------------|--------------------------------------------------------------|
| Plugin Version Detection   | Automatically checks the plugin version.                    |
| Vulnerability Check        | Determines if the detected version is vulnerable (<= 1.8.4). |
| Plugin Installation        | Exploits the vulnerability to install and activate a specified plugin. |

## 🛠️ Installation and Usage:

### Prerequisites
- Python 3.x installed on your system.
- Required Python libraries: `requests`, `argparse`.

### Install the dependencies:
```bash
pip install requests
```
### Usage:
```
options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Base URL of the WordPress site.
  -p PLUGIN, --plugin PLUGIN
                        Plugin name (default: wp-file-manager).
```

2- Run the script
```
python CVE-2024-9707.py -u <TARGET_URL> [-p <PLUGIN_NAME>]
```

### Example:
```
python CVE-2024-9707.py -u https://example.com -p wp-file-manager

```
### Output
- **Version Detection**: Displays the detected version of the Hunk Companion plugin.
- **Vulnerability Status**: Informs whether the target is vulnerable.
- **Exploit Status**: Displays the result of the plugin installation attempt.

### Successful Output

```
Detected version: 1.8.4
The site is vulnerable. Proceeding with exploitation.
Plugin installed and activated successfully.
Response Status: 200
Response Body: "http:\/\/192.168.100.74\/wordpress"
```

### 🚫 Disclaimer
This script is for educational purposes only. Use it responsibly and only on systems you own or have explicit permission to test. The authors are not responsible for any misuse or damage caused by this tool.
by: Khaled_alenazi | Nxploited

文件快照


 [4.0K]  /data/pocs/8de269bafcd04c12a0e30c94e080a1d34ba16365
├── [4.5K]  CVE-2024-9707.py
└── [2.1K]  README.md

0 directories, 2 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。