关联漏洞
Description
Perform with massive Wordpress SQLI 2 RCE
介绍
# Wordpress SQLI-2-RCE Exploit
- This Python script exploits CVE-2024-27956, a vulnerability in Wordpress that allows for SQL Injection leading to Remote Code Execution (RCE).
# Features
- Multi-threaded Exploitation: Utilizes concurrent threads to exploit multiple Wordpress instances simultaneously.
- Dynamic Payload Injection: Constructs SQL queries dynamically to inject malicious code into vulnerable Wordpress installations.
- Detailed Logging and Error Handling: Uses colorama and coloredlogs for enhanced console output with color-coded messages.
# Requirements
- Python 3.x
- Required Python packages (requests, argparse, colorama, coloredlogs, concurrent.futures)\
# Usage
- python exploit.py -f urls.txt [-t NUM_THREADS]
- -f, --file: File containing URLs/IPs of Wordpress instances, one per line.
- -t, --threads: Number of threads to use for concurrent requests (default: 5).
# Author
- Pari Malam
文件快照
[4.0K] /data/pocs/1ea6c6634f4231c064db10844dd5c6f4db4401c9
├── [8.2K] CVE-2024-27956.py
├── [ 916] README.md
└── [1.0M] wp-automatic.zip
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。