💀 Automatic Remote code Execution Exploit Tools | By GhostSec 💀
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery. This issue affects Automatic: from n/a through 3.92.0.
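A defender-side inventory check for the affected range stated above, as an added example that is not part of this repository: it reads the plugin header under a WordPress root and reports whether the installed version is at or below 3.92.0. The `wp-content/plugins/wp-automatic` path comes from the page's search strings; the function names and the scan of every top-level PHP file (the main file name is not given here) are assumptions.

```python
import re
import sys
from pathlib import Path

# From the advisory text above: affected "from n/a through 3.92.0".
LAST_AFFECTED = (3, 92, 0)
# Plugin directory as it appears in the page's search strings.
PLUGIN_DIR = Path("wp-content/plugins/wp-automatic")
# Standard WordPress plugin header field, e.g. " * Version: 3.92.0".
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.I | re.M)


def parse_version(text):
    """Turn '3.92' into (3, 92, 0) so versions compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * max(0, 3 - len(parts)))


def installed_version(wp_root):
    """Return the plugin version found under wp_root, or None if no header."""
    plugin = Path(wp_root) / PLUGIN_DIR
    if not plugin.is_dir():
        return None
    # Assumption: the main file name is unknown, so check each top-level
    # PHP file; WordPress itself only reads the first 8 KB for headers.
    for php in sorted(plugin.glob("*.php")):
        head = php.read_bytes()[:8192].decode("utf-8", errors="replace")
        match = VERSION_RE.search(head)
        if match:
            return parse_version(match.group(1))
    return None


def status(wp_root):
    """Classify an install: not-installed, unknown, affected or newer."""
    if not (Path(wp_root) / PLUGIN_DIR).is_dir():
        return "not-installed"
    version = installed_version(wp_root)
    if version is None:
        return "unknown"  # directory present but no readable version header
    return "affected" if version <= LAST_AFFECTED else "newer"


if __name__ == "__main__":
    # Usage: python check_wp_automatic.py /var/www/site1 /var/www/site2
    for root in sys.argv[1:]:
        print(f"{root}: {status(root)}")
```

Treat an `unknown` result as needing manual review, since the plugin directory exists but its version could not be read.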
- FOFA =
body="wp-content/plugins/wp-automatic" && header="HTTP/1.1 200 OK"
- ZoomEye =
title:"wp-automatic" response.status_code:200
- Shodan =
http.title:"wp-automatic" http.status:200
- Publicwww =
"/wp-content/plugins/wp-automatic"
- Clone the repository:
git clone https://github.com/fa-rrel/CVE-2024-27954.git
cd CVE-2024-27954
- Install the required packages:
pip install -r requirements.txt
- RCE Usage
python RCE_Exploit.py -u <target_url> or <File.txt>
- Nuclei usage
nuclei -t POC.yaml --target http://testphp.vulnweb.com/ or -l WPUrls.txt
This tool is intended for authorized security testing and educational purposes only. Unauthorized use against systems is strictly prohibited.
This tool is licensed under the MIT License.