## WordPress Core <= 6.6.1 - Authenticated Arbitrary File Upload (CVE-2024-4514) - Remote Code Execution
This repository contains a proof-of-concept exploit for CVE-2024-4514, a critical vulnerability affecting WordPress Core versions up to and including 6.6.1. The vulnerability stems from an insecure implementation of the file upload functionality that allows authenticated attackers to upload arbitrary files to the server, ultimately leading to Remote Code Execution (RCE).

### Vulnerability Details

The root cause lies in a flawed sanitization routine applied to uploaded filenames during the media upload process. This inadequate sanitization, combined with insufficient validation of file extensions and MIME types, creates a gap that malicious actors can exploit. An authenticated attacker with even minimal privileges (e.g., Subscriber) can bypass the intended security controls and upload files with arbitrary content and dangerous extensions to the server.
### Exploitation Vectors

Successful exploitation hinges on crafting a malicious file disguised as a legitimate media type (e.g., an image) while embedding malicious code in its contents. By manipulating specific HTTP request parameters during the upload process, an attacker can trick the server into accepting the file and storing it in a web-accessible directory. The attacker can then trigger execution of the embedded code by requesting the uploaded file over HTTP, effectively gaining control of the compromised server.
### Impact

This vulnerability poses a severe threat to affected WordPress websites, potentially granting attackers complete control over the underlying system. The consequences range from data breaches and website defacement to the installation of backdoors and the distribution of malware to unsuspecting visitors.
### Mitigation

Immediate action is crucial to mitigate the risk posed by CVE-2024-4514. Upgrading to the latest WordPress version (6.6.2 or higher) is strongly advised, as it addresses the vulnerability through a combination of enhanced input validation and improved file type handling.
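Until the upgrade is applied, defenders can check an existing `wp-content/uploads` tree for the two artifacts the vector above relies on: files whose body does not match the image type their extension claims, and executable or double extensions that should never appear under uploads. The scanner below is an added example written for this README, not code from this repository or from WordPress; its file set, paths and contents are constructed in memory so it runs stand-alone.

```python
import re
from pathlib import Path

# Extensions WordPress treats as image media. A file claiming one of these
# but carrying PHP code is the "disguised as an image" pattern described above.
MEDIA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".webp"}
# Extensions a typical PHP web server may execute; none belong under uploads/.
EXEC_EXTS = {".php", ".phtml", ".php3", ".php5", ".php7", ".phar"}
# Leading magic bytes for the media types above (standard signatures).
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8", ".webp": b"RIFF",
}
PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def classify(name: str, data: bytes) -> list:
    """Return the list of findings for one file under uploads/ (empty = looks clean)."""
    findings = []
    path = Path(name)
    suffixes = [s.lower() for s in path.suffixes]
    ext = suffixes[-1] if suffixes else ""
    if ext in EXEC_EXTS:
        findings.append("executable extension " + ext)
    # name.php.jpg style: some server configurations still hand these to PHP.
    if any(s in EXEC_EXTS for s in suffixes[:-1]):
        findings.append("executable extension hidden by double extension")
    if path.name == ".htaccess":
        findings.append(".htaccess in uploads (can change how files are served)")
    if ext in MEDIA_EXTS and not data.startswith(MAGIC[ext]):
        findings.append("content does not match " + ext + " magic bytes")
    if PHP_TAG.search(data):
        findings.append("PHP open tag in file body")
    return findings


def scan(files: dict) -> dict:
    """Scan a {relative_path: bytes} mapping and return only files with findings."""
    return {n: f for n, f in ((n, classify(n, d)) for n, d in files.items()) if f}


# Constructed in-memory sample of an uploads/ tree (not real site data).
SAMPLE = {
    "2024/08/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "2024/08/avatar.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "2024/08/logo.jpg": b"<?php /* constructed marker */ ?>",
    "2024/08/shell.php.jpg": b"\xff\xd8\xff\xe0<?php /* constructed marker */ ?>",
    "2024/08/.htaccess": b"# constructed sample\n",
}

if __name__ == "__main__":
    for name, findings in scan(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

To run it against a real site, replace `SAMPLE` with a walk of `wp-content/uploads` that reads each file's first few kilobytes; any hit is worth a manual look and a check of the upload logs for the account that created it.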
### Disclaimer

The exploit code provided in this repository is for educational and research purposes only. It is strictly prohibited to use this exploit for any illegal or unethical activities. The author bears no responsibility for any misuse or damage caused by the use of this code.