CVE-2024-7627 PoC — Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition

Associated Vulnerability
Title: Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition (CVE-2024-7627)
Description: The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions.
# Exploit for CVE-2024-7627 — Bit File Manager (WordPress) Unauthenticated RCE Exploit

## 📌 Description
This repository contains a proof-of-concept (PoC) exploit for **CVE-2024-7627**, a critical **Unauthenticated Remote Code Execution (RCE)** vulnerability in the **Bit File Manager** WordPress plugin (versions **6.0 – 6.5.5**).  

When the **Guest User Read** feature is enabled, the plugin exposes a race condition inside the `checkSyntax` function.  
This function writes a temporary PHP file into `/wp-content/uploads/` before validation, allowing attackers to request the file and execute arbitrary system commands.

- **Vulnerability Type:** Unauthenticated RCE  
- **Affected Versions:** Bit File Manager 6.0 – 6.5.5  
- **Patched Version:** 6.5.6  
- **CVSS Score:** 9.8 (Critical)  
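
The ordering flaw described above (a file written to a public directory before it is validated), modelled in Python as an added example; it is not the plugin's PHP code or this repository's PoC code. `looks_safe`, the directory layout and the `during_check` hook are assumptions made for illustration; the hardened variant stages the file in a private directory and publishes it with an atomic rename only after validation passes.

```python
import os
import tempfile

def looks_safe(data: bytes) -> bool:
    # Stand-in validator (assumption): reject content containing a PHP open tag.
    return b"<?" not in data

def save_flawed(public_dir, name, data, during_check=None):
    """Flawed order: the file is web-reachable while validation is still running."""
    path = os.path.join(public_dir, os.path.basename(name))
    with open(path, "wb") as f:
        f.write(data)
    if during_check:
        during_check()  # models a second request arriving inside the window
    if not looks_safe(data):
        os.remove(path)  # cleanup comes too late to close the window
        return False
    return True

def save_hardened(public_dir, private_dir, name, data, during_check=None):
    """Stage outside the public directory, validate, then publish atomically."""
    fd, staged = tempfile.mkstemp(dir=private_dir)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        if during_check:
            during_check()
        if not looks_safe(data):
            return False
        # Atomic rename; requires both directories on the same filesystem.
        os.replace(staged, os.path.join(public_dir, os.path.basename(name)))
        staged = None
        return True
    finally:
        if staged and os.path.exists(staged):
            os.remove(staged)

def exposure_during_validation(data):
    """Return (flawed_exposed, hardened_exposed, hardened_published); 'exposed'
    means the file existed in the public directory while validation ran."""
    seen = {}
    with tempfile.TemporaryDirectory() as root:
        public, private = os.path.join(root, "public"), os.path.join(root, "private")
        os.makedirs(public)
        os.makedirs(private)
        def probe(name):
            return lambda: seen.__setitem__(name, os.path.exists(os.path.join(public, name)))
        save_flawed(public, "a.tmp", data, probe("a.tmp"))
        published = save_hardened(public, private, "b.tmp", data, probe("b.tmp"))
    return seen["a.tmp"], seen["b.tmp"], published
```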

---

## ⚡ Features
- Automatically extracts a valid **AJAX nonce** from the target.  
- Retrieves a random writable file hash for exploitation.  
- Performs the race condition using **async parallel requests**.  
- Provides an **interactive reverse shell-like interface** for executing commands.  

---

## 🔧 Requirements
- Python **3.8+**  
- Dependencies: `requests`, `aiohttp`, `beautifulsoup4` (`asyncio` is part of the Python standard library)  

Install dependencies:
```bash
pip install requests aiohttp beautifulsoup4
```

## Example Output
```bash
[*] Getting a valid AJAX nonce...
[+] Found the valid AJAX nonce: 65a1d91c63
[*] Getting a random file hash...
[+] Starting interactive shell. Type 'exit' to quit.

lab-shell> id
uid=33(www-data) gid=33(www-data) groups=33(www-data)

lab-shell> uname -a
Linux victim-wp 5.15.0-78-generic #85-Ubuntu SMP x86_64 GNU/Linux

lab-shell> whoami
www-data
```
