Skip to content

PoC for the CVE-2024 Litespeed Cache Privilege Escalation

License

Notifications You must be signed in to change notification settings

arch1m3d/CVE-2024-28000

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2024-28000 PoC

This repository contains tools for exploiting the CVE-2024-28000 vulnerability affecting WordPress sites using the LiteSpeed Cache plugin. The included scripts automate the detection of exposed debug.log files and the exploitation of a privilege escalation vulnerability that allows unauthorized users to gain administrator-level access. An extensive documentation on this vulnerability can be found here: https://patchstack.com/articles/critical-privilege-escalation-in-litespeed-cache-plugin-affecting-5-million-sites?_s_id=cve

Usage

Clone the Repository:

git clone https://github.com/yourusername/CVE-2024-28000.git
cd CVE-2024-28000

Run checkdebuglog.py:

python3 checkdebuglog.py

Input: A list of target URLs. Output: Identifies URLs with exposed debug.log files.

Run exploit.py:

python3 exploit.py

Mitigation

The vulnerability has been addressed in LiteSpeed Cache plugin version 6.4 and above. Users are strongly encouraged to update to the latest version to mitigate the risk.

Disclaimer

This tool is intended for educational purposes and authorized security testing only. Unauthorized use of this tool on systems you do not own or have explicit permission to test is illegal and unethical.

About

PoC for the CVE-2024 Litespeed Cache Privilege Escalation

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages