CVE-2024-25600 PoC — WordPress Plugin Bricks Builder Theme Security Vulnerability

Source
Associated Vulnerability
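Title: WordPress Plugin Bricks Builder Theme Security Vulnerability (CVE-2024-25600)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports hosting personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Bricks Builder Theme version 1.9.6 contains a security vulnerability that allows an attacker to bypass authentication by exploiting a nonce leak and execute arbitrary PHP code.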
Readme
# Bricks Builder RCE Exploit (CVE-2024-25600)

This project contains a Python-based exploit script targeting the Bricks Builder WordPress plugin Remote Code Execution (RCE) vulnerability identified as **CVE-2024-25600**. The exploit allows unauthorized remote command execution by injecting PHP code via a vulnerable REST API endpoint.

Additionally, an analysis script is provided to parse and summarize the exploit results, including extracting user info and performing IP geolocation lookups.

---

## Features

- Automated nonce extraction from target URL.
- Test payload to verify vulnerability.
- Backdoor payload injection enabling arbitrary command execution via HTTP GET.
- Optional command execution immediately after backdoor injection.
- Supports single targets or multiple targets from a file.
- Proxy support for traffic routing (e.g., through Burp Suite).
- Output logging to file for audit and review.
- Analysis tool to parse result logs and provide detailed summaries with IP geolocation.

---

## Requirements

- Python 3.x
- `curl` command-line tool installed and accessible in PATH.
- Internet access for IP geolocation queries.
- Optional: Proxy (e.g., Burp Suite) for intercepting requests.

---

## Usage

### Exploit Script

```bash
python3 cve_2024_25600_bricks_rce.py -u <target_url> [-p <proxy_url>] [-o <output_file>] [-c <command>]
```

<img width="1350" height="312" alt="help" src="https://github.com/user-attachments/assets/11047d94-0e44-483a-afef-f9fe711508ba" />

### Example:
```bash
python3 cve_2024_25600_bricks_rce.py -u <TARGET> -p "http://127.0.0.1:8080" -o results.txt -c "uname -a"
```
<img width="1349" height="518" alt="rce" src="https://github.com/user-attachments/assets/833999a3-c768-4eb4-a463-c1999b63f959" />

### Analyze Results
```bash
python3 analyze_results.py --input results.txt --output summary.txt
```
- Parses the exploit results file.
- Extracts user info, tokens, timestamps, and other metadata.
- Resolves IP address and fetches geolocation data.
- Outputs a formatted summary report.

## ⚠️ Disclaimer

This tool is intended for authorized security testing and educational purposes only. Unauthorized use against systems without permission is illegal and unethical.

---

## Official Channels

- [YouTube @rootctf](https://www.youtube.com/@rootctf)
- [X @r0otk3r](https://x.com/r0otk3r)
File Snapshot

[4.0K] /data/pocs/6065fc3c61537dd3a01e9cd66babb53ec6c2b4c5
├── [5.6K] analyze_results.py
├── [5.9K] cve_2024_25600_bricks_rce.py
└── [2.3K] README.md

0 directories, 3 files