CVE-2020-25213 PoC — wordpress 代码问题漏洞

Source

https://github.com/BLY-Coder/Python-exploit-CVE-2020-25213

Associated Vulnerability

Title:wordpress 代码问题漏洞 (CVE-2020-25213)
Description:WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。ghost是使用在其中的一个用于导入/导出WordPress数据的插件。relevant是使用在其中的一个相关内容显示插件。File Upload是使用在其中的一个文件上传插件。PHP是共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发，支持多种数据库及操作系统。elFinder是一套基于Drupal平台的、开源的AJAX文件管理器。该产品提供多文件上传、图像缩放等功能。 Word

Description

Python exploit for RCE in Wordpress

Readme


## Description

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.


## Demo

```bash
python3 exploit.py url command
python3 exploit.py http://wordpressite.com/ id
```


## Authors

- [@BLY](https://www.github.com/bly-coder)



## Deployment

To deploy:

```bash
  git clone https://github.com/BLY-Coder/Python-exploit-CVE-2020-25213
  run with python3
```

File Snapshot


 [4.0K]  /data/pocs/c65b230f413824226dea084c0f89d2ba5a01fec3
├── [1.9K]  exploit.py
└── [ 765]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!