This is a Python3 program that exploits Really Simple Security < 9.1.2 authentication bypass vulnerability (CVE-2024-10924).
This tool is intended for security engineers and appsec people for security assessments. Please use this tool responsibly. I do not take responsibility for the way in which any one uses this application. I am NOT responsible for any damages caused or any crimes committed by using this tool.
- CVE-ID: CVE-2024-10924
- Link: https://www.cve.org/CVERecord?id=CVE-2024-10924
- Description: This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
- Fix: https://plugins.trac.wordpress.org/changeset/3188431/really-simple-ssl
- Wordfence bulletin: https://www.wordfence.com/threat-intel/vulnerabilities/detail/really-simple-security-free-pro-and-pro-multisite-900-9111-authentication-bypass
$ ./exploit.py --help
usage: exploit.py [-h] -t TARGET [-uid USER_ID] [-v]
Exploit for Really Simple Security < 9.1.2 authentication bypass vulnerability (CVE-2024-10924). - v1.0 (2024-11-19)
options:
-h, --help show this help message and exit
-t TARGET, --target TARGET
URL of the target WordPress
-uid USER_ID, --user-id USER_ID
Victim user ID (1 is usually the admin).
-v, --verbose verbose mode
./exploit.py -t http://localhost:1337
./exploit.py -t http://localhost:1337 -uid 1 -v
A vulnerable application can be setup using this repository.
- Antonio Francesco Sardella - implementation - m3ssap0
See the LICENSE file for details.
- István Márton, the security researcher who discovered the vulnerability.