# Pluck CMS 4.7.13 File Upload RCE Exploit

## 🚨 Educational Remote Code Execution Exploit 🚨
**Author:** Ron Jost (Hacker5preme)  
**Reference:** [Exploit-DB](https://www.exploit-db.com/exploits/49283)  
**CVE:** [CVE-2020-29607](https://nvd.nist.gov/vuln/detail/CVE-2020-29607)

---

> **⚠️ Disclaimer:**
> This script is for **educational and authorized testing** purposes only. Do not use it on systems you do not own or have explicit permission to test. The author and contributors are not responsible for any misuse or damage caused by this tool.

---
## 🎯 What is this?
This is a Python 3 exploit script for the **File Upload Restriction Bypass** vulnerability in Pluck CMS **4.7.13**. It allows an authenticated admin user to upload a malicious file (webshell) and achieve remote code execution on the target server.
## 🕹️ Features
- Authenticates as admin using supplied credentials
- Uploads a minimal PHP webshell via the vulnerable file manager
- Provides direct access URL for command execution
- Fully Python 3 compatible
## 📚 References
- [Exploit-DB Entry 49283](https://www.exploit-db.com/exploits/49283)
- [Pluck CMS Official Site](https://github.com/pluck-cms/pluck)
## 🚀 Usage
```bash
python pluck_exploit.py <target_ip> <target_port> <admin_password> <pluckcms_path>
```
### Example
```bash
python pluck_exploit.py 10.10.10.100 80 admin /pluck
```
## 🛠️ Requirements
- Python 3.x
- `requests` library
Install dependencies with:
```bash
pip install requests
```
## 🧩 How it Works
- Connects to the target Pluck CMS instance and authenticates as admin
- Uploads a `.phar` webshell using the file manager bypass
- Prints the URL to access the webshell and execute commands
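The root cause described above is an upload filter that misses an alternate PHP extension. As an added defensive example (not code from this project or from Pluck CMS), the block below contrasts a constructed, hypothetical extension denylist with an allowlist validator of the kind that closes this class of bypass; the denylist contents are an assumption for illustration, not Pluck's actual logic.

```python
import os
import re

# Constructed example (NOT Pluck's real code): a denylist that only
# knows the usual PHP extensions and therefore misses alternates such
# as .phar, which some default Apache PHP handler configs also execute.
WEAK_DENYLIST = {".php", ".php5", ".phtml"}

# Hardened approach: accept only a fixed set of harmless extensions and
# require a plain file stem, so "shell.php.png" or path tricks fail too.
ALLOWLIST = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".txt"}
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def weak_check(filename: str) -> bool:
    """Denylist check: True means the upload would be accepted."""
    _, ext = os.path.splitext(filename)
    return ext.lower() not in WEAK_DENYLIST


def hardened_check(filename: str) -> bool:
    """Allowlist check: True only for a bare name with one permitted
    extension, no directory components and no double extensions."""
    base = os.path.basename(filename)
    if base != filename:  # reject anything carrying path separators
        return False
    stem, ext = os.path.splitext(base)
    if ext.lower() not in ALLOWLIST:
        return False
    return bool(SAFE_STEM.match(stem))


if __name__ == "__main__":
    for name in ("photo.png", "shell.phar", "shell.php.png", "../x.png"):
        print(f"{name:15} weak={weak_check(name)!s:5} "
              f"hardened={hardened_check(name)}")
```

Pair the allowlist with a server-side check of the stored file's content type and an upload directory where script execution is disabled.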
## 🎨 Output
The script provides clear, step-by-step output for authentication, upload status, and webshell access.

---
## 👾 For Fun & Learning
This script is a great way to learn about file upload bypasses and remote code execution. Use it responsibly, and always with permission!

---
## 📝 License
This project is for educational use only. No warranty, no guarantees. Hack ethically, stay curious!