Associated vulnerability
Title:
WordPress plugin DIGITS security vulnerability
(CVE-2025-4094)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports hosting a personal blog on a server running PHP and MySQL. A WordPress plugin is an application plugin. WordPress plugin DIGITS before version 8.4.6.1 contains a security vulnerability: OTP verification attempts are not rate-limited, so an attacker can brute-force the code.
Description
WordPress Plugin Digits < 8.4.6.1 - OTP Auth Bypass via Bruteforce (CVE-2025-4094)
Introduction
# WordPress Plugin Digits OTP Bypass (CVE-2025-4094)
## Overview
This script is an exploit for the WordPress Plugin Digits (versions < 8.4.6.1) that allows for OTP (One-Time Password) authentication bypass via brute force. The exploit leverages a vulnerability identified as CVE-2025-4094. The script has been modified to utilize `ThreadPoolExecutor` for parallel attacks, significantly speeding up the brute-force process.
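The flaw recorded above is that OTP verification attempts were not limited, so a 4-digit code (10,000 possible values) can be exhausted. The following Python is an added defensive illustration, not code from the Digits plugin, from the exploit script, or from its author: it models an OTP verifier with a per-code attempt budget, constant-time comparison and single use, and measures against a local in-memory store how many guesses the unlimited and the budgeted configuration will actually evaluate. The `OtpVerifier` class, its defaults (5 attempts, 300 s validity), the injectable `clock`/`randbelow` hooks and the sample subject string are assumptions chosen for the example.

```python
"""Rate-limited OTP verification with an attempt budget (added defensive
example; not the Digits plugin's code and not the exploit on this page).

max_attempts=None reproduces the unlimited behaviour the vulnerability
describes; a small integer budget is the mitigation. The in-memory store,
the budget and the validity window are assumptions for illustration."""
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class OtpRecord:
    code: str
    issued_at: float
    attempts: int = 0
    consumed: bool = False   # set once the code succeeds or its budget is spent


class OtpVerifier:
    def __init__(self, digits=6, max_attempts=5, ttl_seconds=300,
                 clock=time.time, randbelow=secrets.randbelow):
        # clock and randbelow are injectable so the behaviour can be tested deterministically
        self.digits = digits
        self.max_attempts = max_attempts      # None = no limit (the vulnerable setting)
        self.ttl_seconds = ttl_seconds
        self.clock = clock
        self.randbelow = randbelow
        self._records: dict[str, OtpRecord] = {}

    def issue(self, subject: str) -> str:
        """Issue a fresh code for a subject (e.g. a phone number), replacing any pending one."""
        code = f"{self.randbelow(10 ** self.digits):0{self.digits}d}"
        self._records[subject] = OtpRecord(code=code, issued_at=self.clock())
        return code

    def verify(self, subject: str, guess: str) -> tuple[bool, str]:
        """Return (accepted, reason). Only 'ok' and 'wrong' consume an attempt."""
        rec = self._records.get(subject)
        if rec is None or rec.consumed:
            return False, "no_pending_code"
        if self.clock() - rec.issued_at > self.ttl_seconds:
            del self._records[subject]
            return False, "expired"
        if self.max_attempts is not None and rec.attempts >= self.max_attempts:
            rec.consumed = True              # budget spent: this code can never be completed
            return False, "locked"
        rec.attempts += 1
        # constant-time comparison; mismatched lengths simply compare unequal
        if hmac.compare_digest(rec.code.encode(), guess.encode()):
            rec.consumed = True              # single use
            return True, "ok"
        return False, "wrong"


def exhaustive_guess(verifier: OtpVerifier, subject: str) -> tuple[bool, int]:
    """Try every possible code in order against a local verifier and report
    (succeeded, guesses_actually_evaluated). This exists only to show how the
    attempt budget bounds the number of guesses the verifier will consider."""
    evaluated = 0
    for n in range(10 ** verifier.digits):
        ok, reason = verifier.verify(subject, f"{n:0{verifier.digits}d}")
        if reason in ("ok", "wrong"):
            evaluated += 1
        if ok:
            return True, evaluated
        if reason == "locked":
            return False, evaluated
    return False, evaluated


if __name__ == "__main__":
    fixed = lambda n: 4242          # deterministic code for the demonstration (assumed value)
    unlimited = OtpVerifier(digits=4, max_attempts=None, randbelow=fixed)
    unlimited.issue("+15550100")
    print("no limit:   ", exhaustive_guess(unlimited, "+15550100"))   # (True, 4243)
    limited = OtpVerifier(digits=4, max_attempts=5, randbelow=fixed)
    limited.issue("+15550100")
    print("5 attempts: ", exhaustive_guess(limited, "+15550100"))     # (False, 5)
```

The budget is tracked per issued code rather than per request, so re-requesting a code resets the counter only by also replacing the code itself; the old value can never be completed after its budget is spent, even by a later correct guess. In a real deployment the same counter would live in a shared store and be paired with a per-source limit on code issuance.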
**Exploit Author:** Saleh Tarawneh
## Requirements
- Python 3.x
- `requests` library
- `argparse` library (included in Python standard library)
- `colorama` library
You can install the required libraries using pip:
```bash
pip install -r requirements.txt
```
## Usage
To run the script, use the following command:
```bash
python3 otp_bypass.py -u <TARGET_URL> -p <PHONE_NUMBER> -i <INSTANCE_ID> [OPTIONS]
```
### Arguments
- `-u`, `--url`: **(Required)** Target URL (e.g., `https://example.com/wp-admin/admin-ajax.php`)
- `-p`, `--phone`: **(Required)** Target phone number (digits only)
- `-i`, `--instance-id`: **(Required)** Instance ID from intercepted request
- `-d`, `--digits`: **(Optional)** OTP length (4 or 6 digits, default is 4)
- `-w`, `--workers`: **(Optional)** Number of parallel workers (default is 10)
- `--start`: **(Optional)** Starting OTP value (default is 0)
- `--end`: **(Optional)** Ending OTP value (default: 9999 for 4-digit, 999999 for 6-digit)
- `--proxy`: **(Optional)** Proxy (e.g., `http://127.0.0.1:8080`)
### Example
```bash
python3 otp_bypass.py -u https://example.com/wp-admin/admin-ajax.php -p 1234567890 -i <INSTANCE_ID> -d 4 -w 10
```
## Output
The script will display progress and results in the terminal. If a valid OTP is found, it will print the successful OTP and a snippet of the response from the server.
## Important Note
**Use responsibly and only on authorized systems.** Unauthorized access to systems is illegal and unethical. This script is intended for educational purposes and security testing with permission.
## License
This project is licensed under the MIT License. See the LICENSE file for details.
## Disclaimer
The author and contributors are not responsible for any misuse or damage caused by this script. Always ensure you have permission to test the systems you are targeting.
File snapshot
[4.0K] /data/pocs/e77af86a21bfd55603626c59c98f9df806dbec30
├── [4.8K] digits_otp_bypass_cve2025-4094.py
├── [2.2K] README.md
└── [ 27] requirements.txt
0 directories, 3 files
Notes
1. Accessing the PoC through its original source is recommended.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.