CVE-2023-5360 PoC — Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload

Source

https://github.com/Pushkarup/CVE-2023-5360

Associated Vulnerability

Title:Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload (CVE-2023-5360)
Description:The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

Description

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

Readme

# CVE-2023-5360
An Open-source EXPLOIT for 
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

<img width="330" alt="Screenshot 2023-11-05 235108" src="https://github.com/Pushkarup/CVE-2023-5360/assets/148672587/d82c8093-11df-443f-a8c1-481b954d36cf">


## Table of Contents

- [Introduction](#introduction)
- [Features](#features)
- [Usage](#usage)
  - [Prerequisites](#prerequisites)
  - [Installation](#installation)
  - [Running the Exploit](#running-the-exploit)
- [Results and Logs](#results-and-logs)
- [Disclaimer](#disclaimer)
- [License](#license)
- [Author](#author)
- [Donations](#donations)

## Introduction

This repository contains a Python script designed to check for and exploit the WordPress vulnerability CVE-2023-5360 in websites using the Royal Elementor Addons plugin. The exploit involves uploading a PHP shell to the target website.

## Features

- Asynchronously checks a list of WordPress sites for the CVE-2023-5360 vulnerability.
- Attempts to exploit the vulnerability by uploading a PHP shell.
- Provides detailed logging for each checked and exploited site.
- Includes an ASCII art banner for a professional touch.

## Usage

### Prerequisites

- Python 3.x
- Colorama library (`pip install colorama`)

### Installation

Clone the repository:

```bash
git clone https://github.com/Pushkarup/CVE-2023-5360.git
```

Install dependencies:
```bash
pip install -r requirements.txt
```

### Running the Exploit
1)Prepare a list of target WordPress sites in a text file (e.g., "urls.txt").
2)Run the exploit:
```bash
python CVE-2023-5360.py
```
Follow the prompts to enter the URL list file name and the number of threads for concurrent checking.

# Results and Logs
- exploit.log: Contains detailed logs of the exploit process.
- active-plugin.txt: Lists the URLs with the Royal Elementor Addons plugin.
- exploited.txt: Lists the URLs successfully exploited.

# Disclaimer
This exploit script is intended for educational purposes only. Use it responsibly, and ensure you have the necessary permissions before testing on websites you do not own.

# License
This project is licensed under the MIT License - see the LICENSE file for details.

# Author
- Pushkar Upadhyay
- [GitHub](https://github.com/Pushkarup)
- [LinkedIn](www.linkedin.com/in/pushkar-upadhyay-24p)

# Donations
### Show your support
- BTC: 3QqVBBzDBezA9U77PCTwMPQVGb1eecv2SP
- ETH: 0xB779767483831BD98327A449C78FfccE2cc6df0a
- USDT: 0xB779767483831BD98327A449C78FfccE2cc6df0a

File Snapshot


 [4.0K]  /data/pocs/4f87db1651645f24e3678d2ef08faa86a6979341
├── [ 10K]  CVE-2023-5360.py
├── [1.0K]  LICENSE
├── [2.6K]  README.md
└── [  29]  requirements.txt.log

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!