Introduction
# CVE-2025-0316-Exploit
# CVE-2025-0316 Exploit Toolkit
🚨 Auth Bypass Exploit for WordPress Plugin WP Directorybox Manager <= 2.5
> 🔥 Automated exploit script for CVE-2025-0316 — Auth Bypass via vulnerable AJAX action.
### ⚠️ Legal Notice
This tool is intended strictly for:
- Research
- Red Team simulation
- Authorized security assessment
Using this tool against targets without consent is illegal.
---
## 🛠 Features
- 🔍 User enumeration via `?author=` trick
- 🚪 Exploit vulnerable plugin action to gain admin panel access
- 🧠 Auto cookie save + login popup
- 🌐 Proxy support + random user-agents
- 💻 Multi-threaded and delay-tunable
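
For defenders, the `?author=` enumeration listed above leaves a recognizable pattern in web server access logs. The following is an added example, not part of this repository: a Python check that flags clients requesting several distinct `?author=N` IDs. The log lines, the function name and the `min_ids` threshold are constructed assumptions, and it keys on client IP rather than User-Agent because the tool rotates user agents.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (not from a real site).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [10/Mar/2025:10:00:03 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0)"
203.0.113.7 - - [10/Mar/2025:10:00:05 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.4 - - [10/Mar/2025:10:01:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.4 - - [10/Mar/2025:10:01:09 +0000] "GET /blog/?page=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

# ip, request path, status, user agent
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" '
    r'(\d{3}) \S+ "[^"]*" "([^"]*)"'
)
# Numeric author parameter anywhere in the query string.
AUTHOR_RE = re.compile(r'[?&]author=(\d+)(?:&|$)')


def find_author_enumeration(log_text, min_ids=3):
    """Return clients that requested at least `min_ids` distinct author IDs.

    `min_ids` is an assumed threshold; tune it to the site's normal traffic.
    """
    ids = defaultdict(set)
    agents = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, _status, ua = m.groups()
        hit = AUTHOR_RE.search(path)
        if hit:
            ids[ip].add(int(hit.group(1)))
            agents[ip].add(ua)
    # Several user agents from one IP on these requests is a further hint
    # of scripted enumeration with rotating headers.
    return {
        ip: {"author_ids": sorted(seen), "user_agents": len(agents[ip])}
        for ip, seen in ids.items()
        if len(seen) >= min_ids
    }


if __name__ == "__main__":
    print(find_author_enumeration(SAMPLE_LOG))
```

Because the tool also supports proxies, the requests may be spread across source addresses, so a site-wide count of `?author=` requests per time window is a useful companion signal.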
---
## ✅ Tested On
- WordPress 6.x
- Plugin: WP Directorybox Manager <= 2.5
---
## 🚀 Usage
```bash
python3 exploit.py -u https://victim-site.com -t 5 -d 1
```
Options:
- `-u`, `--url`: Target WordPress site
- `-t`, `--threads`: Number of parallel threads (default 3)
- `-d`, `--delay`: Delay between requests (default 1.5s)
---
## 📁 Output
- Logs saved in `logs/`
- Cookies saved as JSON
- Browser auto-login on success
---
This exploit is fully open source, so you can use it without any tension or fear, and if you find any issues in my code, just send me a message and I'll fix it.
# REQUIREMENTS
- requests
- colorama
- termcolor
- browser-cookie3
---
## 👤 Author
MrPayloadC
- AN ORDINARY PERSON

File snapshot
[4.0K] /data/pocs/9614fa1e9ae96777f9b9b27cc8aed6029d1c07a6
├── [3.3K] exploit.py
├── [ 785] helpers.py
├── [2.6K] README.md
├── [1.2K] recon.py
├── [ 750] session_handler.py
└── [ 427] user_agents.txt
0 directories, 6 files