PoC details: d4136615d4698bd665532bcf325f1c05600c186e

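Related vulnerability
Title: WordPress plugin Web Directory Free security vulnerability (CVE-2024-3673)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Web Directory Free versions before 1.7.3 contain a security vulnerability, which stems from a parameter not being validated before it is used in the include function.
Description
CVE-2024-3673 Exploit: Local File Inclusion in Web Directory Free WordPress Plugin (before 1.7.3)
Introduction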
# CVE-2024-3673
CVE-2024-3673 Exploit: Local File Inclusion in Web Directory Free WordPress Plugin (before 1.7.3)

# Overview

**CVE-2024-3673** describes a critical vulnerability in the Web Directory Free WordPress plugin (versions prior to 1.7.3). The plugin fails to validate a parameter before using it in an `include()` function, which leads to Local File Inclusion (LFI). This allows unauthenticated attackers to read sensitive files on the server.
## Vulnerable Plugin Versions

- Affected Versions: **<= 1.7.2**
- Fixed Version: **1.7.3**

## Exploit Description

An attacker can exploit this vulnerability by sending a crafted `POST` request to the `admin-ajax.php` endpoint, abusing the `w2dc_controller_request` action to include arbitrary files from the server.

## Exploit Script

The provided Python script automates the exploitation process, including:
1. Checking the plugin version by parsing the `readme.txt` file.
2. Verifying if the target is vulnerable.
3. Exploiting the vulnerability to read sensitive files such as `/etc/passwd`.

### Usage

#### Prerequisites
- Python 3.x
- `requests` library

#### Running the Script

```bash
python3 CVE-2024-3673.py --url <TARGET_URL> [--file <TARGET_FILE>]
```

**Example:**

```bash
python3 CVE-2024-3673.py --url http://192.168.100.74/wordpress --file ../../../../../etc/passwd
```

#### Script Options
- `--url`, `-u`: The target WordPress site URL (required).
- `--file`, `-f`: The file to be read on the target server (default: `/etc/passwd`).

### Script Output
- If the plugin version is vulnerable, the script will attempt to exploit the LFI and display the file's content.
- If the plugin version is safe, it will display a message indicating that the site is not vulnerable.

## Mitigation

- **Update Plugin**: Upgrade the Web Directory Free plugin to version **1.7.3** or higher.
- **Server Hardening**:
  - Restrict file permissions to prevent unauthorized access.
  - Use a Web Application Firewall (WAF) to block malicious requests.
- **Monitoring**: Regularly scan your WordPress installation for vulnerabilities.
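
The WAF and monitoring points above can be made concrete with a request filter for this specific action. The following is an added example, not part of the original README or the PoC script: it flags requests to `admin-ajax.php` that carry the `w2dc_controller_request` action together with a path-like parameter value. The page does not name the vulnerable parameter, so every parameter is inspected; the record layout (request URI plus form body) and the `p1` placeholder name are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

ACTION = "w2dc_controller_request"      # AJAX action named in the README
AJAX_PATH = "/wp-admin/admin-ajax.php"
# Heuristic: traversal sequence, absolute path, or NUL byte in a value.
# Tune against your own legitimate traffic before blocking on it.
PATH_LIKE = re.compile(r"\.\.[/\\]|^[/\\]|\x00")

def fully_decode(value, rounds=3):
    """Undo layered percent-encoding (%252e -> %2e -> .), bounded."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(uri, body):
    """Return [(param, decoded_value)] for path-like values sent to ACTION."""
    base, _, query = uri.partition("?")
    if not base.endswith(AJAX_PATH):
        return []
    # WordPress reads the action from $_REQUEST, so check query and body.
    params = parse_qsl(query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    if ("action", ACTION) not in params:
        return []
    hits = []
    for name, value in params:
        decoded = fully_decode(value)
        if name != "action" and PATH_LIKE.search(decoded):
            hits.append((name, decoded))
    return hits

# Constructed sample records (request URI, form body); "p1" is a
# placeholder name, not the plugin's real parameter.
SAMPLES = [
    (AJAX_PATH, "action=w2dc_controller_request&p1=..%2F..%2Fetc%2Fpasswd"),
    (AJAX_PATH, "action=w2dc_controller_request&p1=%252e%252e%252fetc%252fpasswd"),
    ("/wordpress" + AJAX_PATH + "?action=w2dc_controller_request", "p1=/etc/passwd"),
    (AJAX_PATH, "action=w2dc_controller_request&p1=listings&paged=2"),
    (AJAX_PATH, "action=heartbeat&p1=..%2Fx"),
]

if __name__ == "__main__":
    for uri, body in SAMPLES:
        print(uri, "->", flag_request(uri, body) or "ok")
```

The same predicate can run over WAF audit logs or reverse-proxy body captures; plain access logs usually omit the POST body and are not sufficient on their own.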

## Legal Disclaimer

This script is intended for educational purposes only. Unauthorized use of this exploit on systems you do not own or have explicit permission to test is illegal.

File snapshot

```
[4.0K] /data/pocs/d4136615d4698bd665532bcf325f1c05600c186e
├── [3.0K] CVE-2024-3673.py
└── [2.2K] README.md

0 directories, 2 files
```