Direct Link: https://github.com/ebrasha/CVE-2024-28000
Last Commit: August 26th, 2024
Always verify the code before running. I take no responsibility for what you do.
🎤 README Translation
📸 Screenshot
💎 Introduction
This repository contains a Proof of Concept (PoC) for a critical privilege escalation vulnerability discovered in the LiteSpeed Cache WordPress plugin. The vulnerability, identified as CVE-2024-28000, allows unauthorized users to gain Administrator-level access to a WordPress site by exploiting a weak security hash.
💀 Vulnerability Overview
The LiteSpeed Cache plugin's user simulation feature is protected by a security hash that is weak and predictable. This PoC demonstrates how an attacker can brute-force the security hash, gaining access to Administrator privileges on a targeted WordPress site.
🛠️ Development Environment Setup
- .NET 8
- Newtonsoft.Json
🔥 Requirements
There are no specific prerequisites needed to run this PoC.
📥 Download
To download the executable versions of this PoC, please visit the official Releases page on GitHub. This will allow you to obtain the compiled version ready for use:
📦 Setup and Usage
To use this PoC, simply run the executable and provide the target URL, desired admin username, and password. The exploit will attempt to brute-force the security hash to gain administrator access.
😎 Expected Output
If successful, the PoC allows unauthenticated users to gain Administrator-level access to a WordPress site by brute-forcing a weak security hash used in the plugin.
✅ Mitigation
The vulnerability has been patched in LiteSpeed Cache plugin version 6.4 and above. It is strongly recommended to update to the latest version to avoid this exploit.
🎖️ Credit
- Bug Founder: John Blackbourn
- Profile on Patchstack
❤️ Donation
If you find this project helpful and would like to support further development, please consider making a donation:
🤵 Programmer
Handcrafted with Passion by Ebrahim Shafiei (EbraSha)
- E-Mail: Prof.Shafiei@Gmail.com
- Telegram: @ProfShafiei
☠️ Reporting Issues
If you encounter any issues or have configuration problems, please reach out via email at Prof.Shafiei@Gmail.com. You can also report issues on GitLab or GitHub.
⚠️ Legal Disclaimer
This Proof of Concept (PoC) is provided for educational purposes only. Unauthorized use of this code on systems you do not own or have explicit permission to test is illegal and unethical. By using this PoC, you agree to take full responsibility for any misuse or damage that may result. The author disclaims all liability for actions taken based on the information provided in this repository. Always ensure you have proper authorization before conducting any security testing.
