Related vulnerability
Title:
WordPress plugin JSON API User security vulnerability
(CVE-2024-6624)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it lets you host a personal blog on a server running PHP and MySQL. A WordPress plugin is an add-on application for that platform. The WordPress plugin JSON API User, version 3.9.3 and earlier, contains a security vulnerability that stems from improper control over custom user meta fields.
Description
This is a Python script that exploits the CVE-2024-6624 vulnerability in the JSON API User <= 3.9.3 plugin for WordPress.
Introduction
# **CVE-2024-6624 | JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation**

This is a Python script that exploits the **CVE-2024-6624** vulnerability in the **JSON API User <= 3.9.3** plugin for WordPress. The flaw lets an unauthenticated attacker register a new user and raise that account to administrator, so no existing credentials on the target are needed.
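The description above says the flaw turns an uncontrolled user meta field into an administrator account. The practical follow-up on a site that may have been hit is to enumerate which accounts actually hold the administrator role and when they were created. The Python below is an added example written for this page; it is not part of the CVE-2024-6624.py script or of the plugin. It parses the PHP-serialized `wp_capabilities` value that WordPress stores in `wp_usermeta` and lists administrators, optionally only those registered after a cutoff. The `wp_users` and `wp_usermeta` rows are constructed sample data, and the table prefix `wp_` is an assumption.

```python
import re

# Constructed sample rows in the shape of wp_users (ID, user_login, user_registered)
# and wp_usermeta (user_id, meta_key, meta_value). Not taken from a real site.
SAMPLE_USERS = [
    (1, "siteowner", "2022-03-01 09:15:00"),
    (2, "editor_jane", "2023-06-10 12:00:00"),
    (3, "ngocoxscrew", "2024-07-15 02:41:17"),
    (4, "subscriber_bob", "2024-07-14 22:10:00"),
]

SAMPLE_USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (1, "wp_user_level", "10"),
    (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    # Role key present but switched off: must not count as administrator.
    (4, "wp_capabilities", 'a:2:{s:10:"subscriber";b:1;s:13:"administrator";b:0;}'),
]

# WordPress stores roles as a PHP-serialized array of role name => bool,
# e.g. a:1:{s:13:"administrator";b:1;}. One regex pulls out each pair.
_ROLE_PAIR = re.compile(r's:\d+:"([^"]*)";b:([01]);')


def parse_capabilities(serialized):
    """Return {role_name: enabled} from a serialized wp_capabilities value."""
    if not isinstance(serialized, str) or not serialized.startswith("a:"):
        return {}
    return {role: flag == "1" for role, flag in _ROLE_PAIR.findall(serialized)}


def find_administrators(users, usermeta, registered_after=None, prefix="wp_"):
    """List (user_login, user_registered) for every account whose
    <prefix>capabilities meta grants the administrator role.

    registered_after is a "YYYY-MM-DD HH:MM:SS" string; WordPress stores
    user_registered in that fixed format, so plain string comparison
    orders the timestamps correctly. The prefix is assumed to be wp_.
    """
    caps_key = prefix + "capabilities"
    roles_by_user = {}
    for user_id, meta_key, meta_value in usermeta:
        if meta_key == caps_key:
            roles_by_user[user_id] = parse_capabilities(meta_value)

    admins = []
    for user_id, login, registered in users:
        if not roles_by_user.get(user_id, {}).get("administrator"):
            continue
        if registered_after is not None and registered <= registered_after:
            continue
        admins.append((login, registered))
    return admins


if __name__ == "__main__":
    print("all administrators:")
    for login, registered in find_administrators(SAMPLE_USERS, SAMPLE_USERMETA):
        print("  %s (registered %s)" % (login, registered))
    print("administrators registered after 2024-07-01:")
    for login, registered in find_administrators(
        SAMPLE_USERS, SAMPLE_USERMETA, registered_after="2024-07-01 00:00:00"
    ):
        print("  %s (registered %s)" % (login, registered))
```

On a live site the two lists come from `SELECT ID, user_login, user_registered FROM wp_users` and `SELECT user_id, meta_key, meta_value FROM wp_usermeta WHERE meta_key LIKE '%capabilities'` (adjust the prefix), or from `wp user list --role=administrator` if WP-CLI is available; an administrator whose registration date postdates the plugin install and whom nobody recognises is the account to investigate.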
---
## **How to Use**
### **Preparation**
1. Ensure that Python 2.7 is installed on your system.
2. Install the `requests` dependency:
```bash
pip install requests
```
3. Prepare a text file (`urls.txt`) containing a list of target URLs (one URL per line).
---
### **Usage Steps**
1. Run the script:
```bash
python CVE-2024-6624.py
```
2. Enter the filename containing the target URLs when prompted:
```bash
Enter the filename containing the URL list: urls.txt
```
3. The script will process each URL in the list and attempt to exploit the vulnerability.
4. Successful exploit results will be saved in the `admin.txt` file in the following format:
```
http://example.com/wp-login.php|ngocoxscrew|ngocoxs_crews+
```
---
## **Disclaimer**
I have written the disclaimer on the cover of Jenderal92. You can check it [HERE !!!](https://github.com/Jenderal92/)
File snapshot
[4.0K] /data/pocs/dc4006dfbb2d8e151bd8b508c4a87aa110a4d9d4
├── [4.8K] CVE-2024-6624.py
└── [1.3K] README.md
0 directories, 2 files
Notes
1. Accessing the POC through its original source is recommended.
2. If the source has gone offline or cannot be reached, email f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.