This repository contains tools for exploiting the CVE-2024-28000 vulnerability affecting WordPress sites using the LiteSpeed Cache plugin. The included scripts automate the detection of exposed debug.log files and the exploitation of a privilege escalation vulnerability that allows unauthorized users to gain administrator-level access. An extensive documentation on this vulnerability can be found here: https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites?_s_id=cve
Clone the Repository:
git clone https://github.com/yourusername/CVE-2024-28000.git
cd CVE-2024-28000
Run checkdebuglog.py:
python3 checkdebuglog.py
Input: A list of target URLs. Output: Identifies URLs with exposed debug.log files.
Run exploit.py:
python3 exploit.py
The vulnerability has been addressed in LiteSpeed Cache plugin version 6.4 and above. Users are strongly encouraged to update to the latest version to mitigate the risk.
This tool is intended for educational purposes and authorized security testing only. Unauthorized use of this tool on systems you do not own or have explicit permission to test is illegal and unethical.