PoC details: 60d449a10e16d4166d8b7bfb49f13c7b5ad866ed

Source
Related vulnerability
Title: WordPress plugin StoreKeeper for WooCommerce code issue vulnerability (CVE-2025-48148)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it supports hosting a personal blog site on a server running PHP and MySQL. A WordPress plugin is an application add-on. StoreKeeper for WooCommerce 14.4.4 and earlier versions contain a security vulnerability that stems from a dangerous file type upload issue and may allow malicious files to be exploited.
Description
StoreKeeper for WooCommerce <= 14.4.4 - Unauthenticated Arbitrary File Upload
Introduction
# CVE-2025-48148
StoreKeeper for WooCommerce <= 14.4.4 - Unauthenticated Arbitrary File Upload

# 🚀 StoreKeeper for WooCommerce <= 14.4.4 - Unauthenticated Arbitrary File Upload Exploit

## 📝 Description

The **StoreKeeper for WooCommerce** plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 14.4.4.  
This allows unauthenticated attackers to upload arbitrary files to the affected site's server, potentially leading to remote code execution.

- **CVE:** CVE-2025-48148
- **CVSS:** 9.8 (Critical)

---

## 🛡️ Script Overview

**Script Name:** `CVE-2025-48148.py`

This script is a professional proof-of-concept exploit for CVE-2025-48148, designed to automate the process of uploading a webshell to vulnerable WordPress sites using the StoreKeeper for WooCommerce plugin.

### ⚡ Features & Workflow

- **Automatic Nonce Extraction:**  
  Fetches the required `nonce` token directly from the target URL, ensuring reliability even if the value changes.
- **Custom Shell Creation:**  
  Generates a stealthy, valid PNG file containing a minimal PHP webshell for remote command execution.
- **Advanced Bypass Techniques:**  
  Utilizes multiple HTTP header tricks (User-Agent, Referer, X-Forwarded-For, etc.) to evade security protections and WAFs.
- **Informative Logging:**  
  Provides clear, color-coded output for every stage (extraction, upload, response).
- **Minimal Input Required:**  
  Requires only the site URL; the script automatically determines the correct upload endpoint.
- **SSL Bypass:**  
  Optionally disables SSL verification for targets with self-signed certificates.
- **Debug Mode:**  
  Enables verbose output for troubleshooting or research scenarios.
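The description above attributes the vulnerability to missing file type validation, and the feature list describes the payload as a valid PNG carrying embedded PHP. The following is an added example written from the defender's side; it is not part of the Nxploited PoC and not code from the StoreKeeper plugin or from WordPress. It shows the kind of server-side upload check whose absence the README describes: an image extension allowlist, a magic-byte check against the declared type, rejection of executable extensions anywhere in the name, and a scan for embedded PHP opening tags. All file names and byte samples are constructed for the example.

```python
"""
Added example (not the PoC's code and not the plugin's): a server-side upload
validator that rejects the classes of file the README describes. Names and
byte samples below are constructed.
"""
import os
import re

# Image types the handler should accept, with the magic bytes each must start with.
IMAGE_MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}

# Server-executable extensions that must not appear anywhere in the name
# (covers double extensions such as name.php.png on hosts that map them to PHP).
EXECUTABLE_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}

# Opening PHP tags: long form, short echo form and short form.
# "<?xml" does not match, so SVG/XML headers are not flagged by this pattern.
PHP_TAG = re.compile(rb"<\?(?:php\b|=|\s)", re.IGNORECASE)


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an upload with the given name and bytes."""
    name = os.path.basename(filename).lower()
    parts = name.split(".")
    # Require a visible base name and at least one extension (rejects ".htaccess").
    if len(parts) < 2 or not parts[0]:
        return False, "missing or hidden extension"
    if set(parts[1:]) & EXECUTABLE_EXT:
        return False, "executable extension in file name"
    ext = "." + parts[-1]
    if ext not in IMAGE_MAGIC:
        return False, f"extension {ext} not on the image allowlist"
    # The content must actually be the image type the extension claims.
    if not data.startswith(IMAGE_MAGIC[ext]):
        return False, "content does not match the declared image type"
    # A real image that also carries PHP code is a polyglot; reject it outright.
    if PHP_TAG.search(data):
        return False, "embedded PHP opening tag"
    return True, "ok"


# Constructed samples: one clean PNG and four files a validator must reject.
PNG_HEAD = IMAGE_MAGIC[".png"] + b"\x00\x00\x00\rIHDR"
SAMPLES = {
    "photo.png": PNG_HEAD,
    "shell.php": b"<?php /* constructed */ ?>",
    "shell.php.png": PNG_HEAD,
    "polyglot.png": PNG_HEAD + b"<?php /* constructed */ ?>",
    "mislabeled.png": b"GIF89a",
}


def check_samples() -> dict[str, bool]:
    """Run the validator over the constructed samples; True means accepted."""
    return {name: validate_upload(name, data)[0] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        ok, reason = validate_upload(name, data)
        print(f"{'ACCEPT' if ok else 'REJECT':6} {name}: {reason}")
```

In a WordPress plugin the equivalent of the extension/content consistency step is routing uploads through core's `wp_check_filetype_and_ext()` and the upload allowlist rather than writing files from a request directly. The PHP-tag scan is a cheap extra layer against polyglots; it can in principle false-positive on a random `<? ` byte sequence inside image data, so a production validator would log such rejections rather than silently drop them.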

---

## ⚙️ Usage

```bash
python3 CVE-2025-48148.py -u "http://target.com/wordpress/"
```

**Optional flags:**

- `--debug`   Enable verbose output.
- `--insecure`   Skip SSL certificate verification.

---

## ✅ Expected Output

- Nonce extraction status and value.
- Shell creation confirmation.
- Upload process status and HTTP response.
- Success message with accessible shell URL if possible.

Example:
```
[*] Extracting nonce...
[+] Nonce extracted: 66e372c7e0
[+] Shell file created: shell.php
[*] Uploading shell...
[+] Upload response:
{"success":true,"data":{"url":"http://target.com/wp-content/uploads/shell.php"}}
```

---

## 📬 Contact & Social

[![X](https://img.shields.io/badge/X-black.svg?logo=X&logoColor=white)](https://x.com/Nxploited)  
[![YouTube](https://img.shields.io/badge/YouTube-%23FF0000.svg?logo=YouTube&logoColor=white)](https://youtube.com/@Nxploited)  
📧 **Email:** [NxploitBot@gmail.com](mailto:NxploitBot@gmail.com)  
📨 **Telegram:** [@Kxploit](https://t.me/Kxploit)  

---

## ⚠️ Disclaimer

This script is provided for educational and authorized penetration testing purposes only.  
**The author is not responsible for any misuse or damage caused by this tool. Always obtain proper permission before testing any system.**

---

***By: Nxploited ( Khaled Alenazi )***
File snapshot

```
[4.0K] /data/pocs/60d449a10e16d4166d8b7bfb49f13c7b5ad866ed
├── [3.5K] CVE-2025-48148.py
├── [1.5K] LICENSE
├── [3.0K] README.md
└── [   9] requirements.txt

0 directories, 4 files
```
Cached for you by the Shenlong bot
Notes
    1. Prefer accessing the PoC through the source link.
    2. If the source has gone offline or cannot be reached, e-mail f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has snapshotted the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.