The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php
file.
An attacker can control the values passed to an include
statement, leveraging that to achieve remote code execution. This vulnerability allows unauthenticated attackers to execute code on the server easily.
pip install -r requirements.txt
python exploit.py -u <base_url>
Replace <base_url>
with the base URL of the target WordPress site. Ensure that the target site is vulnerable to CVE-2023-6553 and that you have the appropriate authorization to perform testing.
For example:
python exploit.py -u https://example.com
-f
option or output the results to a file using the -o
option.-t
option followed by the number of threads:python exploit.py -f urls.txt -t 10 -o vulnerable.txt
urls.txt
using 10 threads and output the results to vulnerable.txt
.exit
.clear
.Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…