# CVE-2024-49328-exploit
## 🌟 Overview
This script exploits a privilege escalation vulnerability in the WP REST API FNS Plugin for WordPress. The vulnerability affects all versions up to and including `1.0.0`, allowing unauthenticated attackers to gain administrator privileges.
## ⚙️ Usage
```bash
python script.py -u <site_url> -e <email> -p <password>
```
### 🔍 Details of Exploitation
| **Step** | **Description** | **Icon** |
|----------|---------------------------------------------------------------|--------------------|
| Step 1 | Verify the version of the plugin. | 📝 |
| Step 2 | Check if the version is exploitable (`1.0.0` or lower). | ✅ |
| Step 3 | Exploit the vulnerability and register a new admin user. | 🔒 |
| Step 4 | Print the result with user credentials for verification. | 🎉 |
## ➡️ Example Output
```
Found Stable tag version: 1.0.0
Version 1.0.0 is exploitable.
Exploiting the site... Please wait.
Successfully
Username: Nxploit@admin.sa
Password: nxploit
```
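For site owners, the same version test from Steps 1 and 2 can be run against the plugin's own `readme.txt` on disk. The following is an added example, not code from this repository's script; it assumes the caller supplies the readme text, and the sample headers are constructed.

```python
import re

# Affected range as stated on this page: every release up to and including 1.0.0.
# Trailing zeros are stripped before comparing, so 1.0.0 is stored as (1,).
LAST_AFFECTED = (1,)

# WordPress readme.txt header line, e.g. "Stable tag: 1.0.0" (case-insensitive).
STABLE_TAG_RE = re.compile(
    r"^[ \t]*Stable tag:[ \t]*(\S+)[ \t]*\r?$", re.IGNORECASE | re.MULTILINE
)


def stable_tag(readme_text):
    """Return the 'Stable tag' value from readme.txt text, or None if absent."""
    m = STABLE_TAG_RE.search(readme_text)
    return m.group(1) if m else None


def version_key(tag):
    """Map '1.0' / '0.9.5' to a comparable tuple; None for tags like 'trunk'."""
    if not re.fullmatch(r"\d+(\.\d+)*", tag):
        return None
    parts = [int(p) for p in tag.split(".")]
    while parts and parts[-1] == 0:  # 1.0 and 1.0.0 must compare equal
        parts.pop()
    return tuple(parts)


def assess(readme_text):
    """Classify an installed copy: 'affected', 'not-affected' or 'unknown'."""
    tag = stable_tag(readme_text)
    key = version_key(tag) if tag else None
    if key is None:
        return "unknown"  # missing or non-numeric tag: review by hand
    return "affected" if key <= LAST_AFFECTED else "not-affected"


# Constructed readme.txt headers for illustration (not the real plugin's file).
SAMPLES = {
    "site-a": "=== Example Plugin ===\nStable tag: 1.0.0\n",
    "site-b": "=== Example Plugin ===\nstable tag: 1.0.1\r\n",
    "site-c": "=== Example Plugin ===\nStable tag: trunk\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {assess(text)}")
```

An `unknown` result should be handled as affected until the installed version is confirmed by other means, since the readme header can be missing or out of date.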
### Install the required packages
```
pip install requests
```
## ⚠️ Disclaimer
🚨 Warning:
This script is for educational purposes only. Unauthorized use of this script against systems without explicit permission is illegal and unethical.
File snapshot
[4.0K] /data/pocs/b41f38b5eb14fe74192eb0b561a12e44e8d3c06e
├── [5.2K] CVE-2024-49328.py
└── [1.4K] README.md
0 directories, 2 files