CVE-2024-25600 PoC — WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability

Source
Associated Vulnerability
Title: WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2024-25600)
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6.
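
A defender-side check for the affected range stated above, as an added example that is not part of the original page or the PoC repository: it reads the `Version:` header from an installed theme's `style.css` and compares it numerically against 1.9.6. The sample `style.css` content and all function names are constructed for illustration.

```python
import re

LAST_AFFECTED = "1.9.6"  # upper bound of the affected range stated on this page

# Constructed sample of a theme style.css header (not taken from a real install).
SAMPLE_STYLE_CSS = """/*
Theme Name: Bricks
Version: 1.9.6
*/
"""

def theme_version(style_css):
    """Return the Version header value from a theme's style.css, or None."""
    # WordPress reads theme metadata as "Key: value" lines near the top of the file.
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*([^\r\n]+)", style_css[:8192], re.I | re.M)
    return m.group(1).strip() if m else None

def version_key(version):
    """'1.9.6.1' -> (1, 9, 6, 1); parsing stops at the first non-numeric part."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
        if m.end() != len(piece):  # suffix such as "7-beta": keep 7, then stop
            break
    return tuple(parts)

def is_affected(version, last_affected=LAST_AFFECTED):
    """True when version <= last_affected, compared number by number."""
    a, b = version_key(version), version_key(last_affected)
    if not a:
        raise ValueError(f"unparseable version: {version!r}")
    width = max(len(a), len(b))
    pad = lambda t: t + (0,) * (width - len(t))
    # Tuple comparison avoids string pitfalls: "1.10" sorts before "1.9.6" as text.
    return pad(a) <= pad(b)

def check_theme(style_css):
    """Classify a style.css as 'affected', 'not affected' or 'unknown'."""
    version = theme_version(style_css)
    try:
        return "affected" if is_affected(version or "") else "not affected"
    except ValueError:
        return "unknown"

if __name__ == "__main__":
    print(check_theme(SAMPLE_STYLE_CSS))
```

A four-part version such as 1.9.6.1 compares as greater than 1.9.6 and therefore falls outside the range given in the description.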
Readme
# Bricks Builder RCE Exploit (CVE-2024-25600)

This project contains a Python-based exploit script targeting the Remote Code Execution (RCE) vulnerability in the Bricks Builder WordPress theme, identified as **CVE-2024-25600**. The exploit allows unauthenticated remote command execution by injecting PHP code via a vulnerable REST API endpoint.

Additionally, an analysis script is provided to parse and summarize the exploit results, including extracting user info and performing IP geolocation lookups.

---

## Features

- Automated nonce extraction from target URL.
- Test payload to verify vulnerability.
- Backdoor payload injection enabling arbitrary command execution via HTTP GET.
- Optional command execution immediately after backdoor injection.
- Supports single targets or multiple targets from a file.
- Proxy support for traffic routing (e.g., through Burp Suite).
- Output logging to file for audit and review.
- Analysis tool to parse result logs and provide detailed summaries with IP geolocation.

---

## Requirements

- Python 3.x
- `curl` command-line tool installed and accessible in PATH.
- Internet access for IP geolocation queries.
- Optional: Proxy (e.g., Burp Suite) for intercepting requests.

---

## Usage

### Exploit Script

```bash
python3 cve_2024_25600_bricks_rce.py -u <target_url> [-p <proxy_url>] [-o <output_file>] [-c <command>]
```


### Example:
```bash
python3 cve_2024_25600_bricks_rce.py -u <TARGET> -p "http://127.0.0.1:8080" -o results.txt -c "uname -a"
```

### Analyze Results
```bash
python3 analyze_results.py --input results.txt --output summary.txt
```
- Parses the exploit results file.
- Extracts user info, tokens, timestamps, and other metadata.
- Resolves IP address and fetches geolocation data.
- Outputs a formatted summary report.

## ⚠️ Disclaimer

This tool is intended for authorized security testing and educational purposes only. Unauthorized use against systems without permission is illegal and unethical.

---

## Official Channels

- [YouTube @rootctf](https://www.youtube.com/@rootctf)
- [X @r0otk3r](https://x.com/r0otk3r)

File Snapshot

[4.0K] /data/pocs/6065fc3c61537dd3a01e9cd66babb53ec6c2b4c5
├── [5.6K] analyze_results.py
├── [5.9K] cve_2024_25600_bricks_rce.py
└── [2.3K] README.md

0 directories, 3 files