The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php
file.
An attacker can control the values passed to an include
statement, leveraging that to achieve remote code execution. This vulnerability allows unauthenticated attackers to execute code on the server easily.
pip install -r requirements.txt
python exploit.py -u <base_url>
Replace <base_url>
with the base URL of the target WordPress site. Ensure that the target site is vulnerable to CVE-2023-6553 and that you have the appropriate authorization to perform testing.
For example:
python exploit.py -u https://example.com
-f
option or output the results to a file using the -o
option.-t
option followed by the number of threads:python exploit.py -f urls.txt -t 10 -o vulnerable.txt
urls.txt
using 10 threads and output the results to vulnerable.txt
.exit
.clear
.The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…