关联漏洞
标题:WordPress plugin Pie Register 安全漏洞 (CVE-2025-34077)Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Pie Register 3.7.1.4版本存在安全漏洞,该漏洞源于身份验证绕过,可能导致远程代码执行。
Description
Poc for Unauthenticated Admin Session Hijack - Pie Register Plugin (≤ 3.7.1.4)
介绍
<p align="center">
<a href="https://wordpress.org">
<img src="https://upload.wikimedia.org/wikipedia/commons/9/98/WordPress_blue_logo.svg" width="100" alt="WordPress Logo">
</a>
</p>
<h1 align="center">CVE-2025-34077</h1>
<p align="center"><b>Unauthenticated Admin Session Hijack - Pie Register Plugin (≤ 3.7.1.4)</b></p>
---
## 📌 Description
This exploit targets a vulnerability in the **Pie Register WordPress plugin** (versions ≤ 3.7.1.4), allowing **unauthenticated session hijacking of admin accounts**.
> 🛡️ **This tool is for authorized testing and research only. Do not use it on systems you do not own or have explicit permission to test.**
---
## 🧪 Proof of Concept
<p align="center">
<img src="poc-success.png" width="700" alt="PoC Screenshot" />
</p>
---
## 🚀 Usage
```bash
python3 CVE-2025-34077.py http://target.site
````
### Example:
```bash
python3 CVE-2025-34077.py http://example.com
```
---
## ✅ Features
* Sends crafted POST payload to target site
* Extracts valid `Set-Cookie` values from unauthenticated response
* Confirms exploit success with cookie details
* Works with tools like Burp Suite or browser dev tools
---
## 🧠 Technical Details
* **Vulnerability Type:** Auth Bypass / Session Hijack
* **Plugin:** Pie Register for WordPress
* **Affected Versions:** ≤ 3.7.1.4
* **Vector:** Crafted POST request to login endpoint
* **Impact:** Attacker gains administrator-level access via hijacked cookies
---
## ⚠️ Disclaimer
This script is provided for:
* Educational purposes
* Authorized penetration testing
* Security research
**You are fully responsible** for any misuse. Unauthorized use of this tool may violate laws.
---
## 👤 Author
* **Handle:** 0xgh057r3c0n
* **GitHub:** [github.com/0xgh057r3c0n/CVE-2025-34077](https://github.com/0xgh057r3c0n/CVE-2025-34077)
---
## 📄 License
This project is licensed under the [MIT License](https://github.com/0xgh057r3c0n/CVE-2025-34077/blob/main/LICENSE).
文件快照
[4.0K] /data/pocs/4900abe7f4040435a0e4335cc756be6d6546ed65
├── [3.3K] CVE-2025-34077.py
├── [2.0K] CVE-2025-34077.yaml
├── [1.1K] LICENSE
├── [1.2M] poc-success.png
└── [2.0K] README.md
1 directory, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。