PoC details: a677ff0441fd5ebc20d363482c4ab9a6b3e68608

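Source
Related vulnerability
Title: WordPress Plugin Bricks Builder Theme security vulnerability (CVE-2024-25600)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Bricks Builder Theme version 1.9.6 contains a security vulnerability that stems from allowing attackers to bypass authentication by exploiting a nonce leak and so execute arbitrary PHP code.
Description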
Unauthenticated RCE exploit for CVE-2024-25600 in WordPress Bricks Builder <= 1.9.6. Executes arbitrary code remotely.
Introduction
# CVE-2024-25600 Exploit - WordPress Bricks Builder Remote Code Execution (RCE)

An exploit script for **CVE-2024-25600**, a critical **unauthenticated Remote Code Execution (RCE)** vulnerability in the **Bricks Builder plugin** for **WordPress**. This tool detects the flaw, extracts the nonce, and provides an **interactive shell** for executing arbitrary commands on vulnerable targets. Tested on **Bricks Builder version 1.9.5**, it affects all versions up to and including **1.9.6**. This **security flaw** allows attackers to remotely inject and execute **malicious PHP code** without authentication, potentially leading to **full site compromise**, **data theft**, or **malware distribution**.

## Author
- **so1icitx**

## Features
- Tests **WordPress** sites for **CVE-2024-25600** vulnerability by fetching the nonce and verifying **RCE** capability.
- Supports single URL and bulk scanning from a file for **vulnerable Bricks Builder** instances.
- Launches an **interactive shell** for **remote command execution** on confirmed targets.
- Multi-threaded scanning (100 threads) for efficient **vulnerability detection**.
- Verbose mode for detailed output during **exploit attempts**.
- Saves **vulnerable URLs** to an output file for further analysis.

## Prerequisites
- **Python 3.6+**
- Required packages:
  ```bash
  pip install requests beautifulsoup4 prompt_toolkit
  ```

## Usage
```bash
python3 exploit.py -u <target_url> [options]
```

### Options
- `-u, --url`: Target **WordPress** URL (e.g., `http://example.com`) - required for single scan.
- `-l, --list`: Path to a file with a list of URLs for bulk **RCE scanning** (optional).
- `-o, --output`: File to save **vulnerable WordPress URLs** (optional).

### Examples
- Basic **RCE exploit**:
  ```bash
  python3 exploit.py -u http://10.10.10.10
  ```
- Bulk **vulnerability scanning**:
  ```bash
  python3 exploit.py -l targets.txt -o vulnerable.txt
  ```
- **Interactive shell** (triggered on vulnerable targets):
  ```bash
  # whoami
  # exit
  ```

## Notes
- Targets must use the **Bricks Builder plugin** with the vulnerable `/wp-json/bricks/v1/render_element` endpoint.
- Exploits a flaw in user input handling, enabling **unauthenticated attackers** to execute **arbitrary PHP code**.
- Uses 100 threads for bulk scans; adjust `max_workers` in the script for performance tweaks.
- SSL verification is disabled to handle self-signed certificates on **WordPress sites**.
- Use responsibly on authorized systems only to avoid **site compromise** or **malware risks**.
- Contact me at `so1citix.zone242@passinbox.com` for support or issues!
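
A defender-side check for the endpoint named in the notes above, as an added example that is not part of the original README or the exploit script: it scans web-server access logs for requests to the `render_element` REST route and groups them by client. The Combined Log Format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

ROUTE = "/bricks/v1/render_element"  # REST route named in the notes above
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def hits_route(target: str) -> bool:
    """True if the request target addresses the render_element REST route."""
    parts = urlsplit(re.sub(r"^/+", "/", target))
    path = re.sub(r"/+", "/", unquote(parts.path)).rstrip("/").lower()
    if path.endswith("/wp-json" + ROUTE):  # also matches subdirectory installs
        return True
    # WordPress also serves REST routes through the ?rest_route= query parameter.
    routes = parse_qs(parts.query).get("rest_route", [])
    return any(r.rstrip("/").lower() == ROUTE for r in routes)

def scan(lines):
    """Return {client_ip: [(timestamp, method, status), ...]} for matching requests."""
    found = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and hits_route(m["target"]):
            found[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(found)

def answered(events):
    """Events where a POST to the route got a 2xx response: review these first."""
    return [e for e in events if e[1] == "POST" and 200 <= e[2] < 300]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "python-requests/2.31.0"',
    '203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "POST /wp-json/bricks/v1/render_element HTTP/1.1" 200 312 "-" "python-requests/2.31.0"',
    '198.51.100.23 - - [12/Mar/2024:10:05:40 +0000] "POST /?rest_route=%2Fbricks%2Fv1%2Frender_element HTTP/1.1" 403 98 "-" "curl/8.4.0"',
    '192.0.2.10 - - [12/Mar/2024:10:06:11 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:07:15 +0000] "POST /blog//wp-json/bricks/v1/render_element/ HTTP/1.1" 200 298 "-" "python-requests/2.31.0"',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE).items():
        print(ip, len(events), "request(s),", len(answered(events)), "answered POST(s)")
```

A 2xx response to a POST on this route from an unauthenticated client on a site running Bricks Builder 1.9.6 or earlier is the case to triage first; a 403 or 404 indicates the request was blocked or the route is absent.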

## Disclaimer
This tool is for **educational** and **authorized security testing** purposes only. Unauthorized exploitation of **CVE-2024-25600** is illegal and unethical.

---
File snapshot

```
[4.0K] /data/pocs/a677ff0441fd5ebc20d363482c4ab9a6b3e68608
├── [8.4K] exploit.py
├── [ 11K] IF OTHER DOESNT WORK TRY THIS.py
├── [1.0K] LICENSE
└── [2.7K] README.md

0 directories, 4 files
```