CVE-2024-25600 Exploit - WordPress Bricks Builder Remote Code Execution (RCE)

An exploit script for CVE-2024-25600, a critical unauthenticated Remote Code Execution (RCE) vulnerability in the Bricks Builder plugin for WordPress. The tool detects the flaw, extracts the nonce, and provides an interactive shell for executing arbitrary commands on vulnerable targets. It was tested on Bricks Builder version 1.9.5; the vulnerability affects all versions up to and including 1.9.6. The flaw allows attackers to remotely inject and execute malicious PHP code without authentication, potentially leading to full site compromise, data theft, or malware distribution.

Author

  • so1icitx

Features

  • Tests WordPress sites for the CVE-2024-25600 vulnerability by fetching the nonce and verifying RCE capability.
  • Supports single URL and bulk scanning from a file for vulnerable Bricks Builder instances.
  • Launches an interactive shell for remote command execution on confirmed targets.
  • Multi-threaded scanning (100 threads) for efficient vulnerability detection.
  • Verbose mode for detailed output during exploit attempts.
  • Saves vulnerable URLs to an output file for further analysis.

Prerequisites

  • Python 3.6+
  • Required packages:
    pip install requests beautifulsoup4 prompt_toolkit

Usage

python3 exploit.py -u <target_url> [options]

Options

  • -u, --url: Target WordPress URL (e.g., http://example.com) - required for single scan.
  • -l, --list: Path to a file with a list of URLs for bulk RCE scanning (optional).
  • -o, --output: File to save vulnerable WordPress URLs (optional).

Examples

  • Basic RCE exploit:
    python3 exploit.py -u http://10.10.10.10
  • Bulk vulnerability scanning:
    python3 exploit.py -l targets.txt -o vulnerable.txt
  • Interactive shell (triggered on vulnerable targets):
    # whoami
    # exit

Notes

  • Targets must use the Bricks Builder plugin with the vulnerable /wp-json/bricks/v1/render_element endpoint.
  • Exploits a flaw in user input handling, enabling unauthenticated attackers to execute arbitrary PHP code.
  • Uses 100 threads for bulk scans; adjust max_workers in the script for performance tweaks.
  • SSL verification is disabled to handle self-signed certificates on WordPress sites.
  • Use responsibly on authorized systems only to avoid site compromise or malware risks.
  • Contact me at so1citix.zone242@passinbox.com for support or issues!
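
For site owners, the endpoint named in the notes above is also the thing to look for in web server logs. The following is an added example, not part of this repository's exploit.py: it scans access-log lines for requests that resolve to the render_element route and groups them by client IP. It assumes Combined Log Format; the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Route named in the notes above, relative to the WordPress REST prefix.
ROUTE = "/bricks/v1/render_element"

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def rest_route(target):
    """Return the REST route a request target resolves to, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path).rstrip("/")
    if "/wp-json/" in path:
        return "/" + path.split("/wp-json/", 1)[1]
    # WordPress also accepts the route as ?rest_route=... when pretty
    # permalinks are off, so a path-only match would miss those requests.
    route = parse_qs(parts.query).get("rest_route", [None])[0]
    return route.rstrip("/") if route else None

def find_render_element_hits(lines):
    """Group requests to the Bricks render_element route by client IP."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        if rest_route(m["target"]) == ROUTE:
            hits[m["ip"]].append((m["time"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Feb/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 5123 "-" "-"',
    '203.0.113.7 - - [20/Feb/2024:10:01:03 +0000] "POST /wp-json/bricks/v1/render_element HTTP/1.1" 200 412 "-" "-"',
    '198.51.100.9 - - [20/Feb/2024:10:05:00 +0000] "POST /index.php?rest_route=%2Fbricks%2Fv1%2Frender_element HTTP/1.1" 200 398 "-" "-"',
    '192.0.2.44 - - [20/Feb/2024:10:06:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    for ip, reqs in find_render_element_hits(SAMPLE_LOG).items():
        print(ip, reqs)
```

The access log does not record whether a request carried a logged-in session, so treat hits as leads to correlate with the installed plugin version and known editor addresses.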

Disclaimer

This tool is for educational and authorized security testing purposes only. Unauthorized exploitation of CVE-2024-25600 is illegal and unethical.