Unauthenticated RCE in WordPress Bricks Builder
CVE-2024-25600 is a critical unauthenticated remote code execution vulnerability in Codeer Limited Bricks Builder for WordPress, affecting versions through 1.9.6. The issue is described as improper control of code generation/code injection. Available supporting content indicates exploitation occurs via the Bricks REST API render_element functionality, including requests to /wp-json/bricks/v1/render_element (and in some cases /index.php?rest_route=/bricks/v1/render_element). Public proof-of-concept material shows attacker-controlled input supplied to element rendering parameters such as queryEditor with query.useQueryEditor enabled, or executeCode in code elements, resulting in server-side execution of attacker-controlled code or commands. The vulnerability is remotely reachable and does not require authentication.
Exploits
11 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (3 hidden).
Repository contains a single Python PoC exploit (CVE-2024-25600.py) plus a README. The exploit targets CVE-2024-25600 (unauthenticated RCE in WordPress Bricks Builder <= 1.9.6) by abusing the Bricks template render REST endpoint.

Core flow in CVE-2024-25600.py:
- fetch_nonce(target): GETs the target homepage (TLS verification disabled) and parses the HTML with BeautifulSoup to find the script tag with id "bricks-scripts-js-extra"; extracts a hex nonce via regex.
- check_payload(nonce): builds a JSON body that triggers a PHP Exception containing a fixed marker string (KHABuhwxnUHDDW) to confirm code execution.
- shell_payload(nonce, command): builds a JSON body that injects PHP ("<?php throw new Exception(`{command}`);?>") to execute arbitrary OS commands via backticks.
- exploit(target): iterates over two known endpoint paths ("/wp-json/bricks/v1/render_element" and "/?rest_route=/bricks/v1/render_element"), POSTs the check payload, and if the marker is observed, launches interactive_shell.
- interactive_shell(target, nonce, working_path): provides a prompt_toolkit-based interactive loop; each command is POSTed to the vulnerable endpoint and the output is extracted from the response JSON at data.html (with "Exception: " stripped).

Notable characteristics:
- Unauthenticated network RCE with interactive command execution.
- No hardcoded C2 infrastructure; only the user-supplied target URL is contacted.
- Uses a simple exception-based output channel (command output is returned inside the thrown Exception and reflected in the endpoint response).
This repository contains a fully functional exploit for CVE-2024-25600, a critical unauthenticated remote code execution vulnerability in the Bricks Builder WordPress plugin (versions <=1.9.6). The main exploit script, 'Exploit/brickbreaker.py', is a Python 3 tool that automates exploitation by interacting with the vulnerable REST API endpoint '/wp-json/bricks/v1/render_element'. It supports multiple payload types (code, container, carousel), provides an interactive shell with rich formatting, and enables file upload/download and reverse shell generation. The exploit is operational and can be used for both single-target and batch exploitation. The repository also includes a detailed README with usage instructions and a writeup documenting exploitation steps and post-exploitation analysis. The exploit is not part of a framework and is self-contained, requiring only Python and the 'httpx' and 'rich' libraries.
This repository contains a Python exploit for CVE-2024-25600, a critical unauthenticated remote code execution vulnerability in the WordPress Bricks Builder plugin (prior to version 1.9.6). The exploit targets the 'render_element' REST API endpoint, which improperly handles user input, allowing arbitrary PHP code execution. The repository consists of two files: a README.md with usage instructions and a detailed description, and 'cve-2024-25600.py', the main exploit script. The script automates nonce extraction, supports both vulnerable endpoints, and provides an interactive shell for executing arbitrary commands on the target server. It also supports bulk scanning of multiple targets via a file and multi-threading. The exploit works by injecting PHP code that executes system commands and returns their output, effectively granting the attacker remote shell access. The code is operational and provides a working exploit with an interactive shell, but is not part of a larger exploitation framework.
This repository provides a Python-based exploit for CVE-2024-25600, a remote code execution vulnerability in the Bricks Builder WordPress plugin. The main exploit script (cve_2024_25600_bricks_rce.py) automates the process of extracting a required nonce from the target, testing for vulnerability, and injecting a PHP backdoor via a vulnerable REST API endpoint. Once the backdoor is in place, the attacker can execute arbitrary system commands on the target by sending HTTP GET requests with a 'cmd' parameter. The script supports single or multiple targets, proxying (e.g., via Burp Suite), and logs results to a file. An auxiliary analysis script (analyze_results.py) parses the output logs, extracts user and token information, and performs IP geolocation lookups for reporting. The exploit is operational, providing a working payload and automation for exploitation and post-exploitation analysis. The main attack vector is network-based, targeting the exposed REST API endpoint of vulnerable WordPress installations.
This repository contains a Python exploit tool (Poleposph.py) targeting CVE-2024-25600, a remote code execution vulnerability in the WordPress Bricks Builder plugin. The main file, Poleposph.py, is a command-line tool that can scan single or multiple WordPress sites for the vulnerability and, if found, provides an interactive shell for executing arbitrary PHP commands on the target server. The exploit works by first fetching a nonce value from the target site, then sending a crafted JSON payload to the Bricks Builder REST API endpoints (/wp-json/bricks/v1/render_element or /?rest_route=/bricks/v1/render_element) to trigger code execution. The repository also includes a README.md with a brief description and a LICENSE file. The exploit is operational, providing real command execution on vulnerable targets, and is not part of a larger framework.
This repository contains a working exploit for CVE-2024-25600, an unauthenticated remote code execution (RCE) vulnerability in the Bricks Builder WordPress plugin (version 1.9.6 and below). The exploit is implemented in Python (exploit.py) and provides both single-target and mass-scanning capabilities. It works by first fetching a required nonce from the target site's HTML, then sending a specially crafted JSON payload to the /wp-json/bricks/v1/render_element REST API endpoint. The payload abuses the 'queryEditor' parameter to inject PHP code that executes arbitrary system commands. If successful, the exploit provides an interactive shell for the attacker, allowing ongoing command execution on the compromised server. The repository also includes a README.md with usage instructions and a LICENSE file. The exploit is operational and can be used for both vulnerability verification and post-exploitation command execution.
This repository contains a fully functional exploit for CVE-2024-25600, a critical unauthenticated remote code execution (RCE) vulnerability in the Bricks Builder plugin for WordPress (versions <= 1.9.6). The exploit is implemented in Python (two scripts: 'exploit.py' and 'IF OTHER DOESNT WORK TRY THIS.py', which are functionally similar). The exploit works by first fetching a nonce from the target WordPress site, then sending a specially crafted POST request to the '/wp-json/bricks/v1/render_element' REST API endpoint. The payload abuses the 'queryEditor' parameter to inject PHP code that executes arbitrary system commands, with the output returned via an exception in the HTML response. The script supports both single-target and bulk scanning, and provides an interactive shell for command execution on vulnerable targets. The repository also includes a README with detailed usage instructions and a LICENSE file. The exploit is operational and can be used to fully compromise affected WordPress sites running the vulnerable plugin.
This repository provides a full exploit environment and exploit code for CVE-2024-25600, a remote code execution vulnerability in the Bricks Builder WordPress plugin. The repository includes a Dockerized WordPress setup (with plugins and themes) for local testing, and a Python exploit script (exploit/exploit.py) that targets the Bricks Builder REST API endpoints. The exploit works by first retrieving a nonce from the target site, then sending a crafted POST request to the /bricks/v1/render_element endpoint with a PHP payload that executes arbitrary system commands. The exploit script provides an interactive shell to the attacker, allowing arbitrary command execution as the web server user. The main fingerprintable endpoints are the local test WordPress site (http://127.0.0.1:8080) and the Bricks Builder REST API endpoints. The exploit is operational and demonstrates full remote code execution capabilities.
This repository provides a Python-based exploit tool targeting CVE-2024-25600, a critical unauthenticated remote code execution vulnerability in the Bricks Builder plugin for WordPress (versions 1.8 through 1.9.6). The exploit automates the process of retrieving a required nonce from the target site, then sends specially crafted POST requests to the vulnerable REST API endpoint (/wp-json/bricks/v1/render_element or /?rest_route=/bricks/v1/render_element). The payloads leverage different element types and settings to inject PHP code or commands, resulting in arbitrary code execution on the server. The tool supports both interactive and batch exploitation modes, allows payload customization, and can confirm successful RCE. The repository consists of a main exploit script (exploit.py), a requirements file for dependencies, and a detailed README with usage instructions and PoC payloads. No hardcoded IPs or domains are present; the tool is designed to be used against user-supplied WordPress site URLs.
This repository provides a Python-based exploit tool targeting CVE-2024-25600, a critical unauthenticated remote code execution vulnerability in the Bricks Builder plugin for WordPress (up to version 1.9.6). The exploit automates the process of retrieving a required nonce from the target site and then sends a specially crafted POST request to the vulnerable REST API endpoint (/wp-json/bricks/v1/render_element). The payload leverages the 'queryEditor' field to inject and execute arbitrary commands on the server. The tool supports both interactive and batch modes, allowing exploitation of single or multiple targets. The main code is in 'exploit.py', which handles nonce extraction, vulnerability checking, command execution, and user interaction. The repository also includes a README.md with detailed usage instructions and PoC payloads, and a requirements.txt listing necessary Python dependencies. The exploit is operational and provides an interactive shell for command execution if the target is vulnerable.
This repository contains a Python proof-of-concept exploit for CVE-2024-25600, a critical unauthenticated remote code execution vulnerability in the Bricks Builder plugin for WordPress (versions up to and including 1.9.6). The main file, 'CVE-2024-25600.py', provides both single-target and multi-target (file-based) exploitation modes. It works by first fetching a required nonce from the target site, then sending specially crafted POST requests to the vulnerable REST API endpoints ('/wp-json/bricks/v1/render_element' and '/?rest_route=/bricks/v1/render_element'). The payload injects PHP code that executes arbitrary system commands, providing an interactive shell to the attacker. The exploit is unauthenticated and leverages the plugin's improper handling of user input. The repository also includes a README.md with background, impact, and mitigation advice. No hardcoded IPs or domains are present; the exploit is designed to be used against user-supplied targets.
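A defender-side check for the exploitation pattern described in the vulnerability summary and the exploit write-ups above, added here as an example and not code from Mallory or from any of the repositories summarised on this page: it flags POSTs to either form of the render_element route whose JSON body carries the queryEditor/useQueryEditor/executeCode settings or a raw PHP open tag, and recognises the PoC's exception-based output channel in responses. The sample body and the assumed JSON shape (element.settings.query) are constructed for illustration.

```python
import json
from urllib.parse import parse_qs, urlsplit

REST_ROUTE = "/bricks/v1/render_element"   # route named in the description
SUSPICIOUS_KEYS = {"queryEditor", "useQueryEditor", "executeCode"}
POC_MARKER = "KHABuhwxnUHDDW"              # marker from the PoC summary

def targets_render_element(path: str) -> bool:  # matches either URL form
    parts = urlsplit(path)
    if parts.path.rstrip("/").endswith("/wp-json" + REST_ROUTE):
        return True
    routes = parse_qs(parts.query).get("rest_route", [])
    return any(r.rstrip("/") == REST_ROUTE for r in routes)

def _collect_keys(node, found):  # walk a decoded JSON body for suspicious keys
    if isinstance(node, dict):
        for key, value in node.items():
            if key in SUSPICIOUS_KEYS:
                found.add(key)
            _collect_keys(value, found)
    elif isinstance(node, list):
        for value in node:
            _collect_keys(value, found)

def classify_request(method: str, path: str, body: str) -> dict:
    """Flag a POST to render_element whose body carries code-injection settings."""
    verdict = {"endpoint": targets_render_element(path), "keys": [], "php_tag": False, "suspicious": False}
    if method.upper() != "POST" or not verdict["endpoint"]:
        return verdict
    try:
        data = json.loads(body)
    except ValueError:
        data = None  # non-JSON body: the raw-text check below still applies
    found = set()
    _collect_keys(data, found)
    verdict["keys"] = sorted(found)
    verdict["php_tag"] = "<?php" in body
    verdict["suspicious"] = bool(found) or verdict["php_tag"]
    return verdict

def response_shows_execution(body: str) -> bool:
    """True if a render_element response reflects the PoC's exception channel."""
    try:
        html = json.loads(body)["data"]["html"]
        return POC_MARKER in html or html.lstrip().startswith("Exception: ")
    except (ValueError, KeyError, TypeError, AttributeError):
        return False
# Constructed sample (not a real capture): an inert body that trips both checks.
SAMPLE_BODY = json.dumps({"element": {"settings": {"query": {
    "useQueryEditor": True, "queryEditor": "<?php /* inert placeholder */ ?>"}}}})
```

Legitimate editor traffic also reaches this route, so treat a hit as a triage signal and pair it with the plugin version on the host rather than blocking on it blindly.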
Recent activity
6 sources tracked across advisories, community write-ups, and news.
A remote code execution vulnerability in the WordPress Bricks Builder plugin, referenced as a Metasploit module PR.
A remote code execution vulnerability in the WordPress Bricks Builder plugin that can allow attackers to execute arbitrary commands on the target server, potentially leading to full system compromise and unauthorized access to sensitive data.
A specific remote code execution (RCE) vulnerability in WordPress Bricks Builder referenced as being under attack (mentioned only as a related post link; no technical details provided in the main content).
A remote code execution vulnerability affecting the Bricks Builder/Bricks theme in WordPress, highlighted as significant because the analytic story is designed to detect potential exploitation and references indicate active exploitation.