## https://sploitus.com/exploit?id=B95DDF3F-F614-57F8-AAF7-C158ABE57264
# POC for CVE-2024-10924
An error-handling flaw in the REST API of the Really Simple Plugins WordPress plugin (versions 9.0.0 through 9.1.1.1, inclusive) allows an attacker to bypass authentication and take over an existing user or administrator account when Two-Factor Authentication is enabled.
As I'm a nice guy, you'll also find version 9.1.1.1 of the plugin. Just unzip it and upload it to the `wp-content/plugins` folder. Don't forget to activate the plugin and enable 2FA.
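
For the defensive side of the same information, the check below (an added example, not part of this repository's code) reads the `Version:` line of a plugin header and reports whether it falls in the affected range given above. The function names and the sample header are constructed for illustration.

```python
import re

# Affected range as stated on this page: 9.0.0 through 9.1.1.1, inclusive.
AFFECTED_MIN = (9, 0, 0, 0)
AFFECTED_MAX = (9, 1, 1, 1)

# WordPress plugin metadata lives in a header comment with a "Version:" line.
_HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)
_VERSION_RE = re.compile(r"\d+(?:\.\d+){0,3}", re.ASCII)

# Constructed sample header, not copied from the real plugin.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Example 2FA Plugin (constructed sample)
 * Version: 9.1.1.1
 */
"""

def parse_version(text):
    """Turn '9.1.1.1' into (9, 1, 1, 1), padding so that '9.1' == (9, 1, 0, 0)."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (4 - len(nums)))

def header_version(php_source):
    """Return the raw version string from a plugin header, or None if absent."""
    match = _HEADER_RE.search(php_source)
    return match.group(1) if match else None

def assess(php_source):
    """Classify a plugin header as 'affected', 'outside-range' or 'unknown'."""
    raw = header_version(php_source)
    if raw is None:
        return "unknown"
    try:
        version = parse_version(raw)
    except ValueError:
        # Suffixes such as '-beta' are not compared; flag them for manual review.
        return "unknown"
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    return "affected" if in_range else "outside-range"

if __name__ == "__main__":
    print(assess(SAMPLE_HEADER))
```

An `unknown` result means the header could not be read or compared and the installation should be checked by hand.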
## Requirements
Install the required dependencies using `pip`:
```bash
pip install -r requirements.txt
```
### Dependencies List
- **argparse**: To parse command-line arguments.
- **validator-collection**: To validate the URL format.
- **requests**: To send HTTP POST requests.
- **random**: To generate a random nonce for the payload.
## Usage
### Command Syntax
```bash
python exploit.py [-id USER_ID] URL
```
### Examples
1. **With a specific User ID**:
   ```bash
   python exploit.py -id 10 http://localhost:8886/
   ```
   This sends the exploit payload with a user ID of `10`.
2. **Without specifying a User ID**:
   ```bash
   python exploit.py http://localhost
   ```
   The User ID defaults to `1`.
## Example Output
### Successful Exploit
```plaintext
Exploit successful.
--------------------------------------------------
session_id=xyz123; path=/; HttpOnly
--------------------------------------------------
```
### Failed Exploit
```plaintext
Exploit failed. Maybe the target is not vulnerable or the user ID is incorrect.
```
## Security Considerations
- **Use responsibly**: This script is for educational and penetration testing purposes only.
- **Authorization**: Ensure you have explicit permission to test the target system.
- **HTTPS**: Disable SSL verification (`verify=False`) only if necessary for testing.
## License
IDK but I'm not responsible for anything.