Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-5360 PoC — WordPress Plugin Royal Elementor Addons and Templates 代码问题漏洞

Source
https://github.com/Pushkarup/CVE-2023-5360
Associated Vulnerability
Title:WordPress Plugin Royal Elementor Addons and Templates 代码问题漏洞 (CVE-2023-5360)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin Royal Elementor Addons and Templates 1.3.79 版本之前存在代码问题漏洞,该漏洞源于无法正确验证上传的文件,这可能导致远程代码执行。
Description
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
Readme
# CVE-2023-5360
An Open-source EXPLOIT for 
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

<img width="330" alt="Screenshot 2023-11-05 235108" src="https://github.com/Pushkarup/CVE-2023-5360/assets/148672587/d82c8093-11df-443f-a8c1-481b954d36cf">


## Table of Contents

- [Introduction](#introduction)
- [Features](#features)
- [Usage](#usage)
  - [Prerequisites](#prerequisites)
  - [Installation](#installation)
  - [Running the Exploit](#running-the-exploit)
- [Results and Logs](#results-and-logs)
- [Disclaimer](#disclaimer)
- [License](#license)
- [Author](#author)
- [Donations](#donations)

## Introduction

This repository contains a Python script designed to check for and exploit the WordPress vulnerability CVE-2023-5360 in websites using the Royal Elementor Addons plugin. The exploit involves uploading a PHP shell to the target website.

## Features

- Asynchronously checks a list of WordPress sites for the CVE-2023-5360 vulnerability.
- Attempts to exploit the vulnerability by uploading a PHP shell.
- Provides detailed logging for each checked and exploited site.
- Includes an ASCII art banner for a professional touch.

## Usage

### Prerequisites

- Python 3.x
- Colorama library (`pip install colorama`)

### Installation

Clone the repository:

```bash
git clone https://github.com/Pushkarup/CVE-2023-5360.git
```

Install dependencies:
```bash
pip install -r requirements.txt
```

### Running the Exploit
1)Prepare a list of target WordPress sites in a text file (e.g., "urls.txt").
2)Run the exploit:
```bash
python CVE-2023-5360.py
```
Follow the prompts to enter the URL list file name and the number of threads for concurrent checking.

# Results and Logs
- exploit.log: Contains detailed logs of the exploit process.
- active-plugin.txt: Lists the URLs with the Royal Elementor Addons plugin.
- exploited.txt: Lists the URLs successfully exploited.

# Disclaimer
This exploit script is intended for educational purposes only. Use it responsibly, and ensure you have the necessary permissions before testing on websites you do not own.

# License
This project is licensed under the MIT License - see the LICENSE file for details.

# Author
- Pushkar Upadhyay
- [GitHub](https://github.com/Pushkarup)
- [LinkedIn](www.linkedin.com/in/pushkar-upadhyay-24p)

# Donations
### Show your support
- BTC: 3QqVBBzDBezA9U77PCTwMPQVGb1eecv2SP
- ETH: 0xB779767483831BD98327A449C78FfccE2cc6df0a
- USDT: 0xB779767483831BD98327A449C78FfccE2cc6df0a
File Snapshot

 [4.0K]  /data/pocs/4f87db1651645f24e3678d2ef08faa86a6979341
├── [ 10K]  CVE-2023-5360.py
├── [1.0K]  LICENSE
├── [2.6K]  README.md
└── [  29]  requirements.txt.log

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.