POC details: d8d6ff00dc84269b45a9fb56f2ae75e68f7e732b

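Related vulnerability
Title: WordPress plugin LiteSpeed Cache security vulnerability (CVE-2024-44000)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin LiteSpeed Cache versions before 6.5.0.1 contain a security vulnerability, which stems from an insufficiently protected credentials flaw.
Description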
CVE-2024-44000 is a vulnerability in the LiteSpeed Cache plugin, a popular WordPress plugin. This vulnerability affects session management in LiteSpeed Cache, allowing attackers to gain unauthorized access to sensitive data.
Introduction
# Poc LiteSpeed Cache CVE-2024-44000 Exploit

------------------------------------------------------
![Proof of Concept](Poc%20CVE-2024-44000.jpg)
------------------------------------------------------

The script works in the following steps:
1. **Extract Cookies from Debug Log**:
   - The script sends a `GET` request to retrieve the `debug.log` file (`wp-content/debug.log`) from the server.
   - It uses regular expressions to extract cookies from the file's contents.

2. **Extract Session Cookies**:
   - It filters the extracted cookies to locate session cookies matching the pattern:
     ```
     wordpress_logged_in_[^=]+=[^;]+
     ```

3. **Hijack Admin Session**:
   - The script generates URLs with the stolen cookies and sends a `GET` request to the WordPress admin dashboard (`wp-admin/`).
   - If the response includes a `302 Redirect` with a `Location` header containing the `wp-admin` path, it considers the hijacking successful.

## Factors Affecting Script Success
Several factors influence the effectiveness of this script:
- **Debug Log File Accessibility**: The script assumes that the `debug.log` file is publicly accessible and contains session cookies. If this is not the case, the script will not work.
- **Cookie Extraction and Filtering**: The regular expressions used for extracting cookies may not catch all possible formats or variations of session cookies.
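
From the defender's side, the same cookie pattern can be used to audit a copy of `debug.log` for leaked session cookies, redact them, and list the accounts whose sessions should be destroyed. This is an added example, not code from the PoC repository; the function names, the constructed sample log lines and the `user|expiry|token|hmac` cookie value layout are assumptions.

```python
import hashlib
import re
import time
from urllib.parse import unquote

# The README's pattern, tightened to stop at whitespace as well as ';'.
SESSION_COOKIE = re.compile(r"(wordpress_logged_in_[^=]+)=([^;\s]+)")

# Constructed sample input; not the plugin's real log format or real cookies.
SAMPLE_LOG = (
    "09/05/24 10:01:02 [203.0.113.7] Cookie: wp-settings-1=x; "
    "wordpress_logged_in_0123456789abcdef0123456789abcdef="
    "admin%7C1900000000%7CtokA%7Chmac1; a=b\n"
    "09/05/24 10:01:03 [203.0.113.7] Query String: page=1\n"
    "09/05/24 10:02:00 [198.51.100.9] Cookie: "
    "wordpress_logged_in_0123456789abcdef0123456789abcdef="
    "editor|1500000000|tokB|hmac2\n"
)

def audit_debug_log(text, now=None):
    """Return (redacted_text, findings) for the contents of one debug.log."""
    now = time.time() if now is None else now
    findings, out_lines = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        def redact(m, lineno=lineno):
            name, value = m.group(1), unquote(m.group(2))
            parts = value.split("|")
            user, expiry = None, None
            # Assumed value layout: user|expiry|token|hmac
            if len(parts) == 4 and parts[1].isdigit():
                user, expiry = parts[0], int(parts[1])
            findings.append({
                "line": lineno,
                "cookie": name,
                "user": user,
                # Unparseable cookies are treated as still valid (fail safe).
                "live": expiry is None or expiry > now,
                # Short hash lets responders deduplicate without keeping the value.
                "fingerprint": hashlib.sha256(value.encode()).hexdigest()[:12],
            })
            return f"{name}=[REDACTED]"
        out_lines.append(SESSION_COOKIE.sub(redact, line))
    return "\n".join(out_lines), findings

def users_to_invalidate(findings):
    """Accounts with at least one unexpired leaked session cookie."""
    return sorted({f["user"] or "<unknown>" for f in findings if f["live"]})

if __name__ == "__main__":
    redacted, found = audit_debug_log(SAMPLE_LOG)
    print(redacted)
    print("destroy sessions for:", users_to_invalidate(found))
```

Any finding means the log held usable credentials while it was reachable, so redaction complements, rather than replaces, purging the log and ending the affected sessions.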

## Disclaimer

**Important:** Exploiting vulnerabilities without permission is illegal and unethical. This script is intended for **educational and testing purposes only**. Use it only with explicit consent from the system owner.

File snapshot

```
[4.0K] /data/pocs/d8d6ff00dc84269b45a9fb56f2ae75e68f7e732b
├── [3.4K] CVE_2024_44000.py
├── [ 11K] LICENSE
├── [196K] Poc CVE-2024-44000.jpg
└── [1.8K] README.md

0 directories, 4 files
```