## https://sploitus.com/exploit?id=D04557EB-6BF0-5815-991A-22D79F8254E5
# CVE-2023-6553 PoC (LFI to RCE)

Unauthenticated Remote Code Execution in Backup Migration (WordPress Plugin).

## Run

```
$ python exploit.py 
```

The exploit causes the following PHP script to be executed on the target; it writes the output of `date` to `out.txt`:

```php
<?php `date > out.txt`; ?>
```

## References

- Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin  
https://www.wordfence.com/blog/2023/12/critical-unauthenticated-remote-code-execution-found-in-backup-migration-plugin/
- synacktiv/php_filter_chain_generator  
https://github.com/synacktiv/php_filter_chain_generator/
- LFI2RCE via PHP Filters - HackTricks  
https://book.hacktricks.xyz/pentesting-web/file-inclusion/lfi2rce-via-php-filters