漏洞平台

POC详情： 6b559d2c4b4f2eeb32715406f869540875930ee8

来源

https://github.com/Chocapikk/CVE-2023-5360

关联漏洞

标题： WordPress Plugin Royal Elementor Addons and Templates 代码问题漏洞 (CVE-2023-5360)
描述：WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin Royal Elementor Addons and Templates 1.3.79 版本之前存在代码问题漏洞，该漏洞源于无法正确验证上传的文件，这可能导致远程代码执行。

描述

Exploit for the unauthenticated file upload vulnerability in WordPress's Royal Elementor Addons and Templates plugin (< 1.3.79). CVE-ID: CVE-2023-5360.

介绍

# 🚀 WordPress Royal Elementor Addons and Templates Exploit

Exploit for the unauthenticated file upload vulnerability in Royal Elementor Addons and Templates < 1.3.79.

## 📌 Description

The `Royal Elementor Addons and Templates` plugin for WordPress is vulnerable to an unauthenticated file upload vulnerability. This exploit leverages this vulnerability to upload malicious payloads to vulnerable WordPress installations.

Vulnerable versions: < 1.3.79  
CVE-ID: CVE-2023-5360  
WPVDB ID: [281518ff‑7816‑4007‑b712‑63aed7828b34](https://wpscan.com/vulnerability/281518ff‑7816‑4007‑b712‑63aed7828b34/)  
CVSSv3.1: 10.0

## 🛠️ Installation

1. Clone the repository:
    ```bash
    git clone https://github.com/Chocapikk/CVE-2023-5360.git
    ```

2. Navigate to the repository's directory:
    ```bash
    cd CVE-2023-5360
    ```

3. Install the required dependencies:
    ```bash
    pip install -r requirements.txt
    ```

## 🛠️ Usage

1. Use the following command to exploit a single URL:
    ```bash
    python3.10 exploit.py -u <TARGET_URL> -v
    ```
   Or use the following command to exploit a list of URLs:
    ```bash
    python3.10 exploit.py -l <URL_LIST_FILE> -v
    ```

Optional arguments:  
`-f, --file` : Use a custom PHP file to upload  
`-o, --output`: Save vulnerable URLs to an output file  
`-t, --threads`: Specify the number of threads to use (default is 200)  
`-T, --timeout`: Specify the request timeout in seconds (default is 10)

## 📣 Disclaimer

🚫 **Usage of this exploit without prior mutual consent is illegal.** It's the end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

## ⚠️ Advisory

Ensure your WordPress installations are fully updated to safeguard against this vulnerability. Particularly, update the `Royal Elementor Addons and Templates` plugin to version 1.3.79 or later.

## 🙏 Acknowledgements

Kudos to all researchers and developers working hard to protect the web!

文件快照


 [4.0K]  /data/pocs/6b559d2c4b4f2eeb32715406f869540875930ee8
├── [8.1K]  exploit.py
├── [2.0K]  README.md
└── [  52]  requirements.txt

0 directories, 3 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。