CVE-2024-28000 PoC — WordPress Plugin LiteSpeed Cache Security Vulnerability

Source
Associated Vulnerability
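Title: WordPress Plugin LiteSpeed Cache Security Vulnerability (CVE-2024-28000)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin LiteSpeed Cache versions 6.3.0.1 and earlier contain a security vulnerability caused by incorrect privilege assignment, which allows privilege escalation.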
Description
0Day CVE-2024-28000 Auto Exploiter on WordPress LiteSpeed Cache plugin
Readme
<h1 align="left">
  CVE-2024-28000 - 0Day Auto Exploit POC -  by <a href="https://t.me/bl4ckhatx" target="_blank">
      @bl4ckhatx 
  </a>
  <a href="https://t.me/bl4ckhatx" target="_blank">
    <img
      src="https://raw.githubusercontent.com/maurodesouza/profile-readme-generator/master/src/assets/icons/social/telegram/default.svg"
      width="32"
      height="32"
      alt="telegram logo"
    />
  </a>
</h1>

###

<h3 align="left">
  Unlock the potential of the latest vulnerability—CVE-2024-28000! For serious
  inquiries, <br />
  hit me up on Telegram: 
  <a href="https://t.me/bl4ckhatx" target="_blank">
      @bl4ckhatx 
  </a>
 

</h3>

###

<div align="center">
  <img src="poc.png" />
</div>

###

<h2 align="left">
  🎯 CVE-2024-28000 - The Ultimate Backdoor to WordPress Domination💢

</h2>

###

<h2 align="left">Exploitation Path: From Nobody to God Mode</h2>

###

<p align="left">
  Once you’ve cracked the hash, you’re golden. The plugin doesn't bother with
  real security checks, so your spoofed admin credentials will get you full
  control. You can now use the /wp-json/wp/v2/users REST API to create new
  admin-level accounts. With this access, the possibilities are endless: install
  malicious plugins, alter site content, steal user data, or simply crash the
  whole thing for kicks.
</p>
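
For defenders, the account-creation step described above leaves a trace in web server access logs: a successful POST to the users collection of the REST API. The following detection sketch is an added example, not code from this repository; it assumes Combined Log Format, and the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def rest_route(target):
    """Return the REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if "/wp-json/" in path:
        return "/" + path.split("/wp-json/", 1)[1].strip("/")
    # Sites without pretty permalinks expose the same API via ?rest_route=
    route = parse_qs(parts.query).get("rest_route")
    return "/" + route[0].strip("/") if route else None

def find_user_creations(lines):
    """Flag successful POSTs to the users collection, with per-IP request volume."""
    seen, hits = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        seen[m["ip"]] += 1
        if (m["method"] == "POST" and m["status"].startswith("2")
                and rest_route(m["target"]) == "/wp/v2/users"):
            hits.append({"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                         "prior_requests": seen[m["ip"]] - 1})
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [21/Aug/2024:10:01:02 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [21/Aug/2024:10:01:03 +0000] "POST /wp-json/wp/v2/users HTTP/1.1" 401 120 "-" "curl/8.0"',
    '203.0.113.7 - - [21/Aug/2024:10:01:09 +0000] "POST /wp-json/wp/v2/users HTTP/1.1" 201 640 "-" "curl/8.0"',
    '198.51.100.4 - - [21/Aug/2024:10:02:00 +0000] "POST /index.php?rest_route=%2Fwp%2Fv2%2Fusers HTTP/1.1" 201 640 "-" "curl/8.0"',
    '198.51.100.9 - - [21/Aug/2024:10:03:00 +0000] "POST /wp-json/wp/v2/posts HTTP/1.1" 201 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_user_creations(SAMPLE):
        print(hit)
```

Each hit is a lead to reconcile against known administrator activity and the site's current list of administrator accounts, since legitimate tooling can create users through the same endpoint.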

###

<h3 align="left">
  For more details or to secure a customized exploit kit, reach out on Telegram:
    <a href="https://t.me/bl4ckhatx" target="_blank">
      @bl4ckhatx 
  </a>
</h3>

###


###
File Snapshot

[4.0K] /data/pocs/bc260521ac8a943a77fdf5b31de769405a3f7338
├── [1.5K] LICENSE
├── [ 20K] poc.png
└── [2.3K] README.md

0 directories, 3 files