漏洞平台

POC详情： 4f87db1651645f24e3678d2ef08faa86a6979341

来源

https://github.com/Pushkarup/CVE-2023-5360

关联漏洞

标题： WordPress Plugin Royal Elementor Addons and Templates 代码问题漏洞 (CVE-2023-5360)
描述：WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin Royal Elementor Addons and Templates 1.3.79 版本之前存在代码问题漏洞，该漏洞源于无法正确验证上传的文件，这可能导致远程代码执行。

描述

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

介绍

# CVE-2023-5360
An Open-source EXPLOIT for 
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

<img width="330" alt="Screenshot 2023-11-05 235108" src="https://github.com/Pushkarup/CVE-2023-5360/assets/148672587/d82c8093-11df-443f-a8c1-481b954d36cf">


## Table of Contents

- [Introduction](#introduction)
- [Features](#features)
- [Usage](#usage)
  - [Prerequisites](#prerequisites)
  - [Installation](#installation)
  - [Running the Exploit](#running-the-exploit)
- [Results and Logs](#results-and-logs)
- [Disclaimer](#disclaimer)
- [License](#license)
- [Author](#author)
- [Donations](#donations)

## Introduction

This repository contains a Python script designed to check for and exploit the WordPress vulnerability CVE-2023-5360 in websites using the Royal Elementor Addons plugin. The exploit involves uploading a PHP shell to the target website.

## Features

- Asynchronously checks a list of WordPress sites for the CVE-2023-5360 vulnerability.
- Attempts to exploit the vulnerability by uploading a PHP shell.
- Provides detailed logging for each checked and exploited site.
- Includes an ASCII art banner for a professional touch.

## Usage

### Prerequisites

- Python 3.x
- Colorama library (`pip install colorama`)

### Installation

Clone the repository:

```bash
git clone https://github.com/Pushkarup/CVE-2023-5360.git
```

Install dependencies:
```bash
pip install -r requirements.txt
```

### Running the Exploit
1)Prepare a list of target WordPress sites in a text file (e.g., "urls.txt").
2)Run the exploit:
```bash
python CVE-2023-5360.py
```
Follow the prompts to enter the URL list file name and the number of threads for concurrent checking.

# Results and Logs
- exploit.log: Contains detailed logs of the exploit process.
- active-plugin.txt: Lists the URLs with the Royal Elementor Addons plugin.
- exploited.txt: Lists the URLs successfully exploited.

# Disclaimer
This exploit script is intended for educational purposes only. Use it responsibly, and ensure you have the necessary permissions before testing on websites you do not own.

# License
This project is licensed under the MIT License - see the LICENSE file for details.

# Author
- Pushkar Upadhyay
- [GitHub](https://github.com/Pushkarup)
- [LinkedIn](www.linkedin.com/in/pushkar-upadhyay-24p)

# Donations
### Show your support
- BTC: 3QqVBBzDBezA9U77PCTwMPQVGb1eecv2SP
- ETH: 0xB779767483831BD98327A449C78FfccE2cc6df0a
- USDT: 0xB779767483831BD98327A449C78FfccE2cc6df0a

文件快照


 [4.0K]  /data/pocs/4f87db1651645f24e3678d2ef08faa86a6979341
├── [ 10K]  CVE-2023-5360.py
├── [1.0K]  LICENSE
├── [2.6K]  README.md
└── [  29]  requirements.txt.log

0 directories, 4 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。