CVE-2015-8351

This advisory describes a Remote File Inclusion (RFI) vulnerability in the Gwolle Guestbook WordPress Plugin (CVE-2015-8351). The vulnerability allows unauthenticated attackers to include remote PHP files via the 'abspath' parameter, leading to arbitrary code execution.

This repository contains a functional Python exploit for CVE-2015-8351, a Remote File Inclusion (RFI) vulnerability in the Gwolle Guestbook WordPress Plugin. The exploit crafts a malicious HTTP GET request to include a remote 'wp-load.php' file from an attacker-controlled server, leading to arbitrary code execution.

This repository contains a functional exploit for CVE-2015-8351, targeting a Remote File Inclusion (RFI) vulnerability in the WordPress plugin 'gwolle-gb' version 1.5.3. The exploit generates a reverse shell payload and serves it via a local HTTP server, then crafts a malicious request to the vulnerable endpoint to trigger the RFI and execute the payload.

This exploit leverages a Remote File Inclusion (RFI) vulnerability in the Gwolle Guestbook WordPress plugin (CVE-2015-8351) to achieve remote code execution (RCE). It sets up a malicious PHP payload on an attacker-controlled server and tricks the vulnerable endpoint into executing it via a crafted GET request.