Bricks Builder WordPress Plugin Remote Code Execution Vulnerability
Vulnerability Information
Vulnerability name: Bricks Builder WordPress Plugin Remote Code Execution Vulnerability
Vulnerability IDs:
- CVE: CVE-2024-25600
Vulnerability type: Command execution
Severity: High
Vulnerability description: Bricks Builder is a popular WordPress page-builder plugin that is widely used to create and customize website pages. It offers an intuitive drag-and-drop interface that lets non-technical users design sites with ease. Because it is so widely deployed, the plugin's security matters to a large number of websites. The remote code execution (RCE) vulnerability described here, tracked as CVE-2024-25600, allows an attacker to inject PHP code into a vulnerable REST API endpoint and achieve unauthenticated remote command execution. The technical root cause is insufficient validation of user input by the plugin, which lets an attacker craft a malicious request that executes arbitrary code. The impact is severe: exploitation requires no form of authentication and can result in complete control of the affected site. An attacker can use it to exfiltrate data, deface the site, or use the site as a pivot for further attacks. Because the vulnerability is simple to exploit and broadly applicable, every WordPress site running the Bricks Builder plugin should check immediately and update to the latest version to avoid the risk.
Vendor: Bricks Builder
Product: Bricks Builder WordPress Plugin
Source: https://github.com/r0otk3r/CVE-2024-25600
Type: CVE-2024: GitHub search
Repository files
- README.md
- analyze_results.py
- cve_2024_25600_bricks_rce.py
Source Overview
Bricks Builder RCE Exploit (CVE-2024-25600)
This project contains a Python-based exploit script targeting the Bricks Builder WordPress plugin Remote Code Execution (RCE) vulnerability identified as CVE-2024-25600. The exploit allows unauthorized remote command execution by injecting PHP code via a vulnerable REST API endpoint.
Additionally, an analysis script is provided to parse and summarize the exploit results, including extracting user info and performing IP geolocation lookups.
Features
- Automated nonce extraction from target URL.
- Test payload to verify vulnerability.
- Backdoor payload injection enabling arbitrary command execution via HTTP GET.
- Optional command execution immediately after backdoor injection.
- Supports single targets or multiple targets from a file.
- Proxy support for traffic routing (e.g., through Burp Suite).
- Output logging to file for audit and review.
- Analysis tool to parse result logs and provide detailed summaries with IP geolocation.
Requirements
- Python 3.x
- curl command-line tool installed and accessible in PATH.
- Internet access for IP geolocation queries.
- Optional: Proxy (e.g., Burp Suite) for intercepting requests.
Usage
Exploit Script
Example:
Analyze Results
- Parses the exploit results file.
- Extracts user info, tokens, timestamps, and other metadata.
- Resolves IP addresses and fetches geolocation data.
- Outputs a formatted summary report.
⚠️ Disclaimer
This tool is intended for authorized security testing and educational purposes only. Unauthorized use against systems without permission is illegal and unethical.