# CVE-2018-6389 Checker
**CVE-2018-6389 Checker** — a small, non‑destructive Python tool that checks for indicators of the CVE‑2018‑6389 WordPress vulnerability by issuing three controlled `load-scripts.php` requests and analysing response size, timing and JS token patterns.


---
> ⚠️ **Disclaimer**
> Use this tool **only** on systems you own or have explicit permission to test. Unauthorized scanning is illegal. The tool performs harmless GET requests only — it does **not** exploit or perform DoS attacks.
---
## Features
- Three-step **non-destructive** scan
- Measures **response size** and **response time**
- Detects and **counts** `!function` occurrences in the 3rd response
- Heuristic vulnerability levels: `Low`, `Low-Medium`, `Medium`, `High`, `VeryHigh`
- Colorized, readable terminal output (uses `colorama`)
- Simple vulnerability **score** (0..5) and human-friendly verdict
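The scoring idea in the list above, sketched offline as an added example (this is not the tool's own code, and it sends no requests). The thresholds, the `Step` record, the `assess` function and the score-to-level mapping are assumptions made for illustration; only the level names and the `!function` token come from this README.

```python
import re
from dataclasses import dataclass

LEVELS = ["Low", "Low-Medium", "Medium", "High", "VeryHigh"]  # level names from the README
# Assumed thresholds for illustration; the README does not state the tool's values.
SIZE_FLOOR = 50_000   # bytes: third response counts as "large" at or above this
SLOW_FACTOR = 5       # third response counts as "slow" at 5x the first
MANY_TOKENS = 20      # "!function" count that suggests many concatenated scripts
TOKEN = re.compile(r"!function\b")

@dataclass
class Step:
    status: int      # HTTP status code
    seconds: float   # elapsed time of the request
    body: str        # response body text

    @property
    def size(self) -> int:
        return len(self.body.encode("utf-8"))

def count_tokens(body: str) -> int:
    return len(TOKEN.findall(body))

def assess(steps):
    """Return (score 0..5, level) for three recorded responses, in request order."""
    first, second, third = steps
    if third.status != 200:      # blocked or filtered: no indicator to score
        return 0, LEVELS[0]
    tokens = count_tokens(third.body)
    checks = [
        first.size < second.size < third.size,                    # size grows per step
        third.size >= SIZE_FLOOR,                                 # large final body
        third.seconds >= SLOW_FACTOR * max(first.seconds, 1e-3),  # clear slowdown
        tokens >= 1,                                              # minified JS came back
        tokens >= MANY_TOKENS,                                    # many scripts bundled
    ]
    score = sum(checks)
    return score, LEVELS[max(score, 1) - 1]

# Constructed sample responses (not captured from any real site).
JS = "!function(a){}(1);"
EXPOSED = [Step(200, 0.05, JS), Step(200, 0.20, JS * 50), Step(200, 1.40, JS * 4000)]
BLOCKED = [Step(200, 0.05, JS), Step(200, 0.06, JS * 50), Step(403, 0.04, "<html>Forbidden</html>")]

if __name__ == "__main__":
    for name, steps in (("exposed", EXPOSED), ("blocked", BLOCKED)):
        print(name, assess(steps))
```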
---
## Banner (printed at start)
---
## Installation
Requires Python 3.x.
```bash
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
```
## Usage
```bash
python CVE-2018-6389.py <target-url>
python CVE-2018-6389.py https://example.com/
```
```
[4.0K] /data/pocs/1ba8fd98b313784c78538739a6e0b7a15acb6d92
├── [ 10K] CVE-2018-6389.py
├── [1.4K] README.md
├── [ 18] requirements.txt
├── [ 84K] safe.png
└── [ 87K] vulnerable.png
1 directory, 5 files
```