Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-2023 PoC — WordPress plugin Custom 404 Pro 跨站脚本漏洞

Source
https://github.com/druxter-x/PHP-CVE-2023-2023-2640-POC-Escalation
Associated Vulnerability
Title:WordPress plugin Custom 404 Pro 跨站脚本漏洞 (CVE-2023-2023)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Custom 404 Pro 3.7.3 版本之前存在跨站脚本漏洞,该漏洞源于在将用户输入信息输出到属性之前不会转义某些 URL,从而导致反射式跨站点脚本。
Readme
**I am not responsible if you use the code improperly or illegally. The purpose of the script is purely educational and nothing more.**


# PHP-CVE-2023-2023-2640-POC-Escalation
<br />
<br />

in this script in **PHP** I tried to create exploit of 

--cve-2023-2640--privilege-escalation CVE-2023-32629 & CVE-2023-2640


<br />
<br />

| ^^^^^^^^^^^^^^^^^^^^^^^  | ^^^^^^^^^^^^^^^^^^^^^^^ |
  | ------------------------ | ------------- |
  | ^^^^^^^^^^^^^^^^^^^^^^^  | ^^^^^^^^^^^^^^^^^^^^^^^  |
  | ^^^^^^^^^^^^^^^^^^^^^^^  | ^^^^^^^^^^^^^^^^^^^^^^^  |
<br />
<br />

>  **USE >>>>>>**


Do not use wget to download the PHP file because the code is downloaded in a messy way. 
It's better to couple the script and create a .php file, then paste the code into it.

 php poc.php


<br />
<br />

> **NOTE**

**the original CVE poc in bash is from**

https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation?tab=readme-ov-file#cve-2023-32629 

[orignal cve rep]([https://pages.github.com/](https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation)https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation).


<br />
<br />

**IMPORTANT**
I am not responsible if you use the code improperly or illegally. The purpose of the script is purely educational and nothing more.
File Snapshot

 [4.0K]  /data/pocs/924882c6c48aadce7f7c3428f5f2a575869f3ed4
├── [ 580]  poc.php
└── [1.3K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.