漏洞平台

POC详情： cffd802d787ba8c1b01e37ca8552f3a25ab1c0dd

来源

https://github.com/0xgh057r3c0n/CVE-2025-34085

关联漏洞

标题： WordPress plugin Simple File List 安全漏洞 (CVE-2025-34085)
描述：WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Simple File List 4.2.3之前版本存在安全漏洞，该漏洞源于无限制文件上传，可能导致远程代码执行。

描述

WordPress Simple File List Unauthenticated RCE Exploit

介绍

<p align="center">
  <img src="https://s.w.org/style/images/about/WordPress-logotype-wmark.png" alt="WordPress Logo" width="300"/>
</p>

# CVE-2025-34085 — WordPress Simple File List Unauthenticated RCE Exploit

An automated exploit and scanner for **CVE-2025-34085**, a critical vulnerability in the **WordPress Simple File List** plugin, enabling **unauthenticated remote code execution** through arbitrary file upload and rename functionalities.

---

## 📄 CVE Summary

- **CVE ID:** CVE-2025-34085  
- **Affected Component:** WordPress Plugin — Simple File List  
- **Vulnerability Type:** Unauthenticated File Upload & File Rename to Executable  
- **Impact:** Remote Code Execution (RCE)  
- **Exploit Author:** [0xgh057r3c0n](https://github.com/0xgh057r3c0n)  
- **Access Vector:** Remote, unauthenticated

---

## ⚙️ Exploit Workflow

1. **Unauthenticated File Upload**  
   - Uploads a malicious file to:  
     `/wp-content/plugins/simple-file-list/ee-upload-engine.php`

2. **Rename to PHP Extension**  
   - Renames the uploaded file to a `.php` or similar extension via:  
     `/wp-content/plugins/simple-file-list/ee-file-engine.php`

3. **Execute Payload**  
   - Executes arbitrary commands by accessing the renamed web shell.

---

## 🚀 Usage

### 📌 Single Target
```bash
python3 CVE-2025-34085.py -u http://target.com --cmd "id"
````

### 📄 Multiple Targets

Put target URLs in `targets.txt` (one per line), then run:

```bash
python3 CVE-2025-34085.py --cmd "whoami"
```

---

## 🔧 Command-Line Options

| Argument   | Description                                            |
| ---------- | ------------------------------------------------------ |
| `-u`       | Target URL (e.g., `http://example.com`)                |
| `--cmd`    | Command to execute on the remote shell (default: `id`) |
| `--inline` | Use inline payload (no `?cmd=` parameter)              |

---

## ✅ Sample Output

```
[+] http://target.com | http://target.com/wp-content/uploads/simple-file-list/shell.php
uid=33(www-data) gid=33(www-data) groups=33(www-data)
```

Successful targets are saved to `vuln.txt`.

---

## 📁 Files

* `CVE-2025-34085.py` — Main exploit script
* `targets.txt` — (Optional) List of target domains
* `vuln.txt` — Log of successful exploits

---

## 🛡️ Mitigation

Administrators should:

* Update the plugin to its latest secure version.
* Restrict public access to upload and rename endpoints.
* Monitor uploaded content for unexpected PHP files.
* Deploy a WAF or endpoint protection system.

---

## 📘 Disclaimer

This project is intended for **educational and authorized testing purposes only**.
The author bears **no responsibility** for misuse or damage caused by this tool.

---

## 📄 License

This project is licensed under the **MIT License**.
📄 [View Full License Text](https://github.com/0xgh057r3c0n/CVE-2025-34085/blob/main/LICENSE)

---

## 👨‍💻 Author

**0xgh057r3c0n**
🔗 GitHub: [github.com/0xgh057r3c0n](https://github.com/0xgh057r3c0n)

---

文件快照


 [4.0K]  /data/pocs/cffd802d787ba8c1b01e37ca8552f3a25ab1c0dd
├── [6.1K]  CVE-2025-34085.py
├── [1.1K]  LICENSE
└── [3.0K]  README.md

0 directories, 3 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。