Goal Reached Thanks to every supporter β€” we hit 100%!

Goal: 1000 CNY Β· Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-3102 PoC β€” SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Cr

Source
https://github.com/dennisec/CVE-2025-3102
Associated Vulnerability
Title:SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation (CVE-2025-3102)
Description:The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
Readme
# CVE-2025-3102
πŸ› οΈ SureTriggers Exploit Script
Script ini digunakan untuk mengidentifikasi dan mengeksploitasi celah keamanan pada plugin SureTriggers di situs WordPress yang menggunakan versi rentan (≀ v1.0.78). Jika berhasil, script akan membuat akun admin WordPress secara otomatis.

βš™οΈ Fitur
Deteksi versi plugin SureTriggers

Validasi halaman login WordPress (wp-login.php)

Eksekusi exploit via endpoint REST API

Pembuatan user admin WordPress jika target rentan

Simpan hasil ke file vulnerable.txt

Multi-threading untuk percepatan proses

Penggunaan User-Agent acak

πŸš€ Cara Penggunaan
πŸ“¦ Persiapan
Install dependencies (jika belum):

bash
Copy
Edit
pip install requests
Siapkan file berisi daftar URL target (satu per baris), misalnya targets.txt:

arduino
Copy
Edit
http://example1.com
https://example2.net
...
πŸ§ͺ Eksekusi
bash
Copy
Edit
python exploit.py -l targets.txt -t 10
πŸ”§ Opsi CLI

Opsi	Deskripsi
-l, --target_urls	File teks berisi daftar target
-t, --threads	Jumlah thread (default: 5)
βœ… Contoh Output
less
Copy
Edit
[+] http://example.com - Vulnerable v1.0.75 detected.
[+] http://example.com - Exploit successful! username:password
[+] http://example.com/wp-login.php | username:password (saved)
πŸ“ Catatan
Target hanya dieksploitasi jika:

Plugin SureTriggers ditemukan

Versi plugin ≀ 1.0.78

Halaman wp-login.php valid

File vulnerable.txt akan berisi akun yang berhasil dibuat dalam format:

pgsql
Copy
Edit
http://target.com/wp-login.php | username:password
⚠️ Disclaimer
Script ini dibuat untuk tujuan edukasi dan pengujian keamanan yang sah. Dilarang keras digunakan untuk kegiatan yang melanggar hukum atau tanpa izin dari pemilik sistem. Penulis tidak bertanggung jawab atas penyalahgunaan script ini.

****
File Snapshot

 [4.0K]  /data/pocs/70bfbdd1b4318e2bee436e6ee595ad841dc005a5
β”œβ”€β”€ [1.7K]  README.md
└── [6.1K]  run3.py

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers β€” if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online β€” thank you for the support. View subscription plans β†’