# CVE-2024-12849-Poc
## 📜 Description
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
### ⚙️ Install the required packages
```
pip install requests
```
### ⚙ Check Version and Download Default File
Example Command
```
python CVE-2024-12849.py -u http://192.168.100.74/wordpress
```
### 🔍 Download a Custom File:
To download a specific file from the server, use the --file (or -f) option to specify the path to the file.
The script sends a request to fetch the file and saves the response.
Example Command:
```
python main.py -u http://192.168.100.74/wordpress -f /path/file
```
### 🔍 Download wp-config.php
To download the sensitive wp-config.php file, use the --path (or -p) option to specify the WordPress installation directory.
The script appends /wp-config.php to the given path and attempts to retrieve the file.
Example Command:
```
python main.py -u http://192.168.100.74/wordpress -p /opt/lampp/htdocs/wordpress
```
### 📡 Results Logging
All results, including successes and errors, are logged into a file named data.txt.
This file contains timestamps for each action, making it easy to review past operations.
### Note
This script is provided for educational purposes only. The author is not responsible for any damages caused by the misuse of this script.
[4.0K] /data/pocs/2da69f3f6d758fb5cb27ba7ff10d830428c2aa11
├── [5.2K] CVE-2024-12849.py
└── [1.6K] README.md
0 directories, 2 files