PoC details: dc4006dfbb2d8e151bd8b508c4a87aa110a4d9d4

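Source
Related vulnerability
Title: WordPress plugin JSON API User security vulnerability (CVE-2024-6624)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin JSON API User version 3.9.3 and earlier contain a security vulnerability, which stems from improper control of custom user meta fields.
Description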
This is a Python script that exploits the CVE-2024-6624 vulnerability in the JSON API User <= 3.9.3 plugin for WordPress. 
Introduction
# **CVE-2024-6624 | JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation**

![CVE-2024-6624 Jenderal92](https://github.com/user-attachments/assets/4d8b4be0-cd0f-4f4e-a4af-e2c80c9c25c4)


This is a Python script that exploits the **CVE-2024-6624** vulnerability in the **JSON API User <= 3.9.3** plugin for WordPress. This tool allows unauthenticated attackers to register new users and escalate their privileges to administrator without authorization.
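
For site owners triaging exposure, the sketch below checks whether an installed plugin header falls in the affected range (<= 3.9.3) and lists administrator accounts registered after a chosen cutoff. It is an added example, not part of the original repository; the sample header, user rows and cutoff date are constructed, and the `wp_capabilities` field assumes an export of the default WordPress capabilities meta value.

```python
import re
from datetime import datetime

LAST_AFFECTED = (3, 9, 3)  # from the page: JSON API User <= 3.9.3 is affected
ADMIN_CAP = re.compile(r's:13:"administrator";b:1;')  # PHP-serialized role flag

def plugin_version(header_text):
    """Return the 'Version:' value of a WordPress plugin header as an int tuple."""
    m = re.search(r"^[\s*#/]*Version:\s*(\d+(?:\.\d+)*)", header_text, re.M | re.I)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 3.9.3.0 like 3.9.3
        parts.pop()
    return tuple(parts)

def is_affected(header_text):
    """True/False for a parsed version, None when no version is found."""
    version = plugin_version(header_text)
    return None if version is None else version <= LAST_AFFECTED

def recent_admins(rows, since):
    """List logins holding the administrator role that registered at/after `since`."""
    cutoff = datetime.strptime(since, "%Y-%m-%d %H:%M:%S")
    hits = []
    for row in rows:
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= cutoff and ADMIN_CAP.search(row["wp_capabilities"]):
            hits.append(row["user_login"])
    return hits

# Constructed sample data (not taken from any real site).
SAMPLE_HEADER = "/*\nPlugin Name: JSON API User\nVersion: 3.9.3\n*/"
SAMPLE_ROWS = [
    {"user_login": "site-owner", "user_registered": "2021-03-02 09:15:00",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_login": "reader01", "user_registered": "2024-07-20 11:02:41",
     "wp_capabilities": 'a:1:{s:10:"subscriber";b:1;}'},
    {"user_login": "unknown-new", "user_registered": "2024-07-21 03:44:10",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
]

if __name__ == "__main__":
    print("affected:", is_affected(SAMPLE_HEADER))
    print("review:", recent_admins(SAMPLE_ROWS, "2024-07-01 00:00:00"))
```

Any administrator the check returns that the site owner does not recognise warrants a closer look at registration logs for that timestamp.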

---

## **How to Use**

### **Preparation**

1. Ensure that Python 2.7 is installed on your system.  
2. Install the `requests` dependency:

   ```bash
   pip install requests
   ```

3. Prepare a text file (`urls.txt`) containing a list of target URLs (one URL per line).

---

### **Usage Steps**

1. Run the script:

   ```bash
   python CVE-2024-6624.py
   ```

2. Enter the filename containing the target URLs when prompted:

   ```
   Enter the filename containing the URL list: urls.txt
   ```

3. The script will process each URL in the list and attempt to exploit the vulnerability.

4. Successful exploit results will be saved in the `admin.txt` file in the following format:

   ```
   http://example.com/wp-login.php|ngocoxscrew|ngocoxs_crews+
   ```

---


## **Disclaimer**
I have written the disclaimer on the cover of Jenderal92. You can check it [HERE !!!](https://github.com/Jenderal92/)
File snapshot

```
[4.0K] /data/pocs/dc4006dfbb2d8e151bd8b508c4a87aa110a4d9d4
├── [4.8K] CVE-2024-6624.py
└── [1.3K] README.md

0 directories, 2 files
```