CVE-2024-25600 PoC — WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability

Associated Vulnerability
Title: WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2024-25600)
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6.
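
The affected range in the description ("through 1.9.6") can be checked against local WordPress installs. The script below is an added example, not part of the original README or the PoC project; it assumes the standard `wp-content/themes/*/style.css` layout and that the theme sits in a `bricks` directory or declares `Theme Name: Bricks` (both assumptions).

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (1, 9, 6)  # upper bound stated in the advisory: "through 1.9.6"

def header(css, field):
    """Read one 'Field: value' entry from a WordPress style.css header."""
    m = re.search(rf"^[ \t/*#@]*{re.escape(field)}:(.*)$", css, re.M | re.I)
    return m.group(1).strip() if m else None

def parse_version(text):
    """'1.9.6.1' -> (1, 9, 6, 1); a suffix such as '-beta' is ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version_text):
    """True/False, or None when the version cannot be parsed (review by hand)."""
    v = parse_version(version_text)
    if v is None:
        return None
    width = max(len(v), len(LAST_AFFECTED))
    pad = lambda t: t + (0,) * (width - len(t))  # so 1.9.6.0 compares equal to 1.9.6
    return pad(v) <= pad(LAST_AFFECTED)

def scan(wp_root):
    """Return (theme_dir, version, affected) for each installed Bricks copy."""
    found = []
    for css_path in sorted(Path(wp_root).glob("wp-content/themes/*/style.css")):
        css = css_path.read_text(errors="replace")[:8192]  # header sits at the top
        name = (header(css, "Theme Name") or "").lower()
        # Assumption: the theme names itself "Bricks" or lives in themes/bricks.
        if name != "bricks" and css_path.parent.name != "bricks":
            continue
        version = header(css, "Version")
        found.append((css_path.parent.name, version, is_affected(version)))
    return found

if __name__ == "__main__":
    # Usage: python3 check_bricks.py /var/www/site1 /var/www/site2
    for root in sys.argv[1:]:
        for theme_dir, version, affected in scan(root):
            state = {True: "AFFECTED", False: "ok", None: "UNKNOWN"}[affected]
            print(f"{root}: {theme_dir} {version} -> {state}")
```

Versions are compared as integer tuples rather than strings, so `1.10` and `1.9.6.1` are correctly treated as newer than `1.9.6`.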
Readme
# Bricks Builder RCE Exploit (CVE-2024-25600)

This project contains a Python-based exploit script targeting the Remote Code Execution (RCE) vulnerability in the Bricks Builder WordPress plugin, identified as **CVE-2024-25600**. The exploit allows unauthorized remote command execution by injecting PHP code via a vulnerable REST API endpoint.

Additionally, an analysis script is provided to parse and summarize the exploit results, including extracting user info and performing IP geolocation lookups.

---

## Features

- Automated nonce extraction from target URL.
- Test payload to verify vulnerability.
- Backdoor payload injection enabling arbitrary command execution via HTTP GET.
- Optional command execution immediately after backdoor injection.
- Supports single targets or multiple targets from a file.
- Proxy support for traffic routing (e.g., through Burp Suite).
- Output logging to file for audit and review.
- Analysis tool to parse result logs and provide detailed summaries with IP geolocation.

---

## Requirements

- Python 3.x
- `curl` command-line tool installed and accessible in PATH.
- Internet access for IP geolocation queries.
- Optional: Proxy (e.g., Burp Suite) for intercepting requests.

---

## Usage

### Exploit Script

```bash
python3 exploit.py -u <target_url> [-p <proxy_url>] [-o <output_file>] [-c <command>]
```

<img width="1350" height="312" alt="help" src="https://github.com/user-attachments/assets/11047d94-0e44-483a-afef-f9fe711508ba" />

### Example:
```bash
python3 cve_2024_25600_bricks_rce.py -u <TARGET> -p "http://127.0.0.1:8080" -o results.txt -c "uname -a"
```
<img width="1349" height="518" alt="rce" src="https://github.com/user-attachments/assets/833999a3-c768-4eb4-a463-c1999b63f959" />

### Analyze Results
```bash
python3 analyze_results.py --input results.txt --output summary.txt
```
- Parses the exploit results file.

- Extracts user info, tokens, timestamps, and other metadata.

- Resolves IP address and fetches geolocation data.

- Outputs a formatted summary report.

## ⚠️ Disclaimer

This tool is intended for authorized security testing and educational purposes only. Unauthorized use against systems without permission is illegal and unethical.

---

## Official Channels

- [YouTube @rootctf](https://www.youtube.com/@rootctf)
- [X @r0otk3r](https://x.com/r0otk3r)