漏洞平台

POC详情： 2c463d1bd5229f8e1a255f05ddf9d212764b610f

来源

https://github.com/0xgh057r3c0n/CVE-2025-34077

关联漏洞

标题： WordPress plugin Pie Register 安全漏洞 (CVE-2025-34077)
描述：WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Pie Register 3.7.1.4版本存在安全漏洞，该漏洞源于身份验证绕过，可能导致远程代码执行。

描述

Poc for Unauthenticated Admin Session Hijack - Pie Register Plugin (≤ 3.7.1.4)

介绍

<p align="center">
  <a href="https://wordpress.org">
    <img src="https://upload.wikimedia.org/wikipedia/commons/9/98/WordPress_blue_logo.svg" width="100" alt="WordPress Logo">
  </a>
</p>

<h1 align="center">CVE-2025-34077</h1>
<p align="center"><b>Unauthenticated Admin Session Hijack - Pie Register Plugin (≤ 3.7.1.4)</b></p>

---

## 📌 Description

This exploit targets a vulnerability in the **Pie Register WordPress plugin** (versions ≤ 3.7.1.4), allowing **unauthenticated session hijacking of admin accounts**.

> 🛡️ **This tool is for authorized testing and research only. Do not use it on systems you do not own or have explicit permission to test.**

---

## 🧪 Proof of Concept

<p align="center">
  <img src="poc-success.png" width="700" alt="PoC Screenshot" />
</p>
---

## 🚀 Usage

```bash
python3 CVE-2025-34077.py http://target.site
````

### Example:

```bash
python3 CVE-2025-34077.py http://example.com
```

---

## ✅ Features

* Sends crafted POST payload to target site
* Extracts valid `Set-Cookie` values from unauthenticated response
* Confirms exploit success with cookie details
* Works with tools like Burp Suite or browser dev tools

---

## 🧠 Technical Details

* **Vulnerability Type:** Auth Bypass / Session Hijack
* **Plugin:** Pie Register for WordPress
* **Affected Versions:** ≤ 3.7.1.4
* **Vector:** Crafted POST request to login endpoint
* **Impact:** Attacker gains administrator-level access via hijacked cookies

---

## ⚠️ Disclaimer

This script is provided for:

* Educational purposes
* Authorized penetration testing
* Security research

**You are fully responsible** for any misuse. Unauthorized use of this tool may violate laws.

---

## 👤 Author

* **Handle:** 0xgh057r3c0n
* **GitHub:** [github.com/0xgh057r3c0n/CVE-2025-34077](https://github.com/0xgh057r3c0n/CVE-2025-34077)

---

## 📄 License

This project is licensed under the [MIT License](https://github.com/0xgh057r3c0n/CVE-2025-34077/blob/main/LICENSE).

文件快照


 [4.0K]  /data/pocs/2c463d1bd5229f8e1a255f05ddf9d212764b610f
├── [3.3K]  CVE-2025-34077.py
├── [2.0K]  CVE-2025-34077.yaml
├── [1.1K]  LICENSE
├── [1.2M]  poc-success.png
└── [2.0K]  README.md

0 directories, 5 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。