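POC details: bc260521ac8a943a77fdf5b31de769405a3f7338

Source
Related vulnerability
Title: WordPress Plugin LiteSpeed Cache security vulnerability (CVE-2024-28000)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports hosting personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin LiteSpeed Cache 6.3.0.1 and earlier versions contain a security vulnerability that stems from incorrect privilege assignment and allows privilege escalation.
Description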
0Day CVE-2024-28000 Auto Exploiter on WordPress LiteSpeed Cache plugin
Introduction
<h1 align="left">
  CVE-2024-28000 - 0Day Auto Exploit POC -  by <a href="https://t.me/bl4ckhatx" target="_blank">
      @bl4ckhatx 
  </a>
</h1>


<h3 align="left">
  Unlock the potential of the latest vulnerability—CVE-2024-28000! For serious
  inquiries, <br />
  hit me up on Telegram: 
  <a href="https://t.me/bl4ckhatx" target="_blank">
      @bl4ckhatx 
  </a>
 

</h3>


<div align="center">
  <img src="poc.png" />
</div>


<h2 align="left">
  🎯 CVE-2024-28000 - The Ultimate Backdoor to WordPress Domination💢

</h2>


<h2 align="left">Exploitation Path: From Nobody to God Mode</h2>


<p align="left">
  Once you’ve cracked the hash, you’re golden. The plugin doesn't bother with
  real security checks, so your spoofed admin credentials will get you full
  control. You can now use the /wp-json/wp/v2/users REST API to create new
  admin-level accounts. With this access, the possibilities are endless: install
  malicious plugins, alter site content, steal user data, or simply crash the
  whole thing for kicks.
</p>


<h3 align="left">
  For more details or to secure a customized exploit kit, reach out on Telegram:
    <a href="https://t.me/bl4ckhatx" target="_blank">
      @bl4ckhatx 
  </a>
</h3>

File snapshot

[4.0K] /data/pocs/bc260521ac8a943a77fdf5b31de769405a3f7338
├── [1.5K] LICENSE
├── [ 20K] poc.png
└── [2.3K] README.md

0 directories, 3 files