Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md
exploit.py		exploit.py

Repository files navigation

CVE-2023-6553 PoC (LFI to RCE)

Unauthenticated Remote Code Execution in Backup Migration (WordPress Plugin).

Run

$ python exploit.py

The following PHP script is executed.

<?php `date > out.txt`; ?>

References

Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin
https://www.wordfence.com/blog/2023/12/critical-unauthenticated-remote-code-execution-found-in-backup-migration-plugin/
synacktiv/php_filter_chain_generator
https://github.com/synacktiv/php_filter_chain_generator/
LFI2RCE via PHP Filters - HackTricks
https://book.hacktricks.xyz/pentesting-web/file-inclusion/lfi2rce-via-php-filters

About

No description, website, or topics provided.

Report repository

Releases

No releases published

Packages

No packages published

Languages

Python 100.0%