Share
## https://sploitus.com/exploit?id=6443637C-D399-5B7B-A40E-B5C419B99F44
# CVE-2023-5360
An Open-source EXPLOIT for 
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

<img width="330" alt="Screenshot 2023-11-05 235108" src="https://github.com/Pushkarup/CVE-2023-5360/assets/148672587/d82c8093-11df-443f-a8c1-481b954d36cf">


## Table of Contents

- [Introduction](#introduction)
- [Features](#features)
- [Usage](#usage)
  - [Prerequisites](#prerequisites)
  - [Installation](#installation)
  - [Running the Exploit](#running-the-exploit)
- [Results and Logs](#results-and-logs)
- [Disclaimer](#disclaimer)
- [License](#license)
- [Author](#author)
- [Donations](#donations)

## Introduction

This repository contains a Python script designed to check for and exploit the WordPress vulnerability CVE-2023-5360 in websites using the Royal Elementor Addons plugin. The exploit involves uploading a PHP shell to the target website.

## Features

- Asynchronously checks a list of WordPress sites for the CVE-2023-5360 vulnerability.
- Attempts to exploit the vulnerability by uploading a PHP shell.
- Provides detailed logging for each checked and exploited site.
- Includes an ASCII art banner for a professional touch.

## Usage

### Prerequisites

- Python 3.x
- Colorama library (`pip install colorama`)

### Installation

Clone the repository:

```bash
git clone https://github.com/Pushkarup/CVE-2023-5360.git
```

Install dependencies:
```bash
pip install -r requirements.txt
```

### Running the Exploit
1)Prepare a list of target WordPress sites in a text file (e.g., "urls.txt").
2)Run the exploit:
```bash
python CVE-2023-5360.py
```
Follow the prompts to enter the URL list file name and the number of threads for concurrent checking.

# Results and Logs
- exploit.log: Contains detailed logs of the exploit process.
- active-plugin.txt: Lists the URLs with the Royal Elementor Addons plugin.
- exploited.txt: Lists the URLs successfully exploited.

# Disclaimer
This exploit script is intended for educational purposes only. Use it responsibly, and ensure you have the necessary permissions before testing on websites you do not own.

# License
This project is licensed under the MIT License - see the LICENSE file for details.

# Author
- Pushkar Upadhyay
- [GitHub](https://github.com/Pushkarup)
- [LinkedIn](www.linkedin.com/in/pushkar-upadhyay-24p)

# Donations
### Show your support
- BTC: 3QqVBBzDBezA9U77PCTwMPQVGb1eecv2SP
- ETH: 0xB779767483831BD98327A449C78FfccE2cc6df0a
- USDT: 0xB779767483831BD98327A449C78FfccE2cc6df0a