
CVE-2020-29607 PoC: Pluck code issue vulnerability

Associated Vulnerability
Title: Pluck code issue vulnerability (CVE-2020-29607)
Description: A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
Readme
# Pluck CMS 4.7.13 File Upload RCE Exploit

![Exploit Banner](https://img.shields.io/badge/Exploit-CVE--2020--29607-red?style=flat-square)

## 🚨 Educational Remote Code Execution Exploit 🚨

**Author:** Ron Jost (Hacker5preme)  
**Reference:** [Exploit-DB](https://www.exploit-db.com/exploits/49283)  
**CVE:** [CVE-2020-29607](https://nvd.nist.gov/vuln/detail/CVE-2020-29607)

---

> **⚠️ Disclaimer:**
> This script is for **educational and authorized testing** purposes only. Do not use it on systems you do not own or have explicit permission to test. The author and contributors are not responsible for any misuse or damage caused by this tool.

---

## 🎯 What is this?

This is a Python 3 exploit script for the **File Upload Restriction Bypass** vulnerability in Pluck CMS **4.7.13**. It allows an authenticated admin user to upload a malicious file (webshell) and achieve remote code execution on the target server.

## 🕹️ Features

- Authenticates as admin using supplied credentials
- Uploads a minimal PHP webshell via the vulnerable file manager
- Provides direct access URL for command execution
- Fully Python 3 compatible

## 📚 References

- [Exploit-DB Entry 49283](https://www.exploit-db.com/exploits/49283)
- [Pluck CMS Official Site](https://github.com/pluck-cms/pluck)

## 🚀 Usage

```bash
python pluck_exploit.py <target_ip> <target_port> <admin_password> <pluckcms_path>
```

### Example

```bash
python pluck_exploit.py 10.10.10.100 80 admin /pluck
```

## 🛠️ Requirements

- Python 3.x
- `requests` library

Install dependencies with:

```bash
pip install requests
```

## 🧩 How it Works

- Connects to the target Pluck CMS instance and authenticates as admin
- Uploads a `.phar` webshell using the file manager bypass
- Prints the URL to access the webshell and execute commands
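The defensive counterpart to the steps above, as an added example that is not part of this PoC or of the Pluck project: a strict filename check of the kind a CMS file manager should enforce (an extension allowlist with rejection of server-executable extensions such as `.phar`, double extensions and path characters), plus a small access-log scan that flags requests for uploaded files carrying such extensions. The upload directory `/files/`, the log lines and the extension sets are constructed assumptions, not values taken from Pluck.

```python
"""
Defensive counterpart to the upload-restriction bypass described above:
a strict filename allowlist check for a file manager, and an access-log
scan that flags requests for uploaded files with server-executable
extensions. Added example; not code from Pluck or from this PoC.
"""
import re
from typing import Iterable, List, Tuple

# Extensions a PHP-capable web server may execute or that change its
# behaviour. ".phar" is the one the PoC above uploads; the rest are the
# usual companions a blocklist-only filter tends to miss. (Assumed set.)
EXECUTABLE_EXTS = {
    "php", "php3", "php4", "php5", "php7", "phps", "phtml", "phar",
    "shtml", "htaccess", "htpasswd", "cgi", "pl", "py", "sh",
}

# What the file manager is actually meant to accept. The allowlist is
# the primary control; the executable set above is defence in depth.
ALLOWED_EXTS = {"png", "jpg", "jpeg", "gif", "pdf", "txt", "zip"}

_SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,100}$")


def validate_upload_name(filename: str) -> Tuple[bool, str]:
    """Return (accepted, reason). Accepts only a plain basename with
    exactly one allowlisted extension."""
    if any(ord(c) < 32 for c in filename):          # covers NUL bytes too
        return False, "control or NUL byte in name"
    if "/" in filename or "\\" in filename:
        return False, "path separator in name"
    # Some filesystems strip trailing dots/spaces, so "shell.phar." can
    # become "shell.phar" after a naive check has already passed.
    if filename != filename.strip() or filename.endswith("."):
        return False, "leading/trailing whitespace or dot"
    parts = filename.split(".")
    if len(parts) != 2:
        return False, "expected exactly one extension (no double extensions)"
    stem, ext = parts
    ext = ext.lower()                                # x.PHTML == x.phtml
    if not _SAFE_STEM.match(stem):
        return False, "stem contains disallowed characters"
    if ext in EXECUTABLE_EXTS:
        return False, f"server-executable extension .{ext}"
    if ext not in ALLOWED_EXTS:
        return False, f"extension .{ext} not in allowlist"
    return True, "ok"


# Constructed access-log lines (simplified Apache combined format). The
# upload directory "/files/" is an assumption made for this example.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /files/logo.png HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /files/shell.phar?cmd=id HTTP/1.1" 200 133',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /files/notes.txt HTTP/1.1" 200 40',
    '10.0.0.9 - - [01/Jan/2024:10:00:12 +0000] "POST /files/x.phtml HTTP/1.1" 200 8',
]

_REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def find_executable_requests(lines: Iterable[str],
                             upload_prefix: str = "/files/") -> List[Tuple[str, str, str]]:
    """Return (client_ip, method, path) for every request under the
    upload directory whose basename has a server-executable extension."""
    hits = []
    for line in lines:
        m = _REQ.match(line)
        if not m:
            continue
        ip, method, target, _status = m.groups()
        path = target.split("?", 1)[0]               # drop the query string
        if not path.startswith(upload_prefix):
            continue
        ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
        if ext in EXECUTABLE_EXTS:
            hits.append((ip, method, path))
    return hits


if __name__ == "__main__":
    for name in ["report.pdf", "shell.phar", "shell.phar.png", "a/b.png", "x.PHTML"]:
        print(name, validate_upload_name(name))
    for hit in find_executable_requests(SAMPLE_LOG):
        print("flag:", hit)
```

The allowlist, not the executable blocklist, is what actually closes the bypass class: a blocklist that names `.php` but not `.phar` or `.phtml` is exactly the gap this CVE describes. The log scan is a cheap retroactive check for a server that ran an affected version.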

## 🎨 Output

The script provides clear, step-by-step output for authentication, upload status, and webshell access.

---

## 👾 For Fun & Learning

This script is a great way to learn about file upload bypasses and remote code execution. Use it responsibly, and always with permission!

---

## 📝 License

This project is for educational use only. No warranty, no guarantees. Hack ethically, stay curious!
File Snapshot

/data/pocs/3d50a69db8eb0431b11976cd2bb0a950ba9627ea (4.0K)
├── pluck_exploit.py (1.7K)
└── README.md (2.3K)

1 directory, 2 files