CVE-2024-44000

This PoC exploits CVE-2024-44000 in the LiteSpeed Cache WordPress plugin by extracting session cookies from a publicly accessible debug.log file and using them to hijack admin sessions via crafted URLs.

This repository contains a functional Python script that exploits CVE-2024-44000 by extracting session cookies from exposed WordPress debug logs and attempting to hijack admin sessions. The tool automates the process of fetching logs, filtering session cookies, and testing them for admin access.

This repository contains a functional Python script that exploits CVE-2024-44000 in the LiteSpeed Cache WordPress plugin by extracting session cookies from exposed debug logs and attempting to hijack admin sessions. The script automates the process of accessing debug logs, parsing cookies, and testing them for admin access.

This exploit targets CVE-2024-44000, an unauthorized account takeover vulnerability in LiteSpeed servers. It extracts WordPress user session cookies from exposed debug logs and allows impersonation of logged-in users.

This exploit extracts WordPress session cookies from a publicly accessible debug.log file, enabling authentication bypass by impersonating logged-in users. It leverages misconfigured logging to steal cookies and gain unauthorized access.

This Metasploit module exploits an unauthenticated account takeover vulnerability in the LiteSpeed Cache WordPress plugin (CVE-2024-44000) by stealing admin cookies from the debug.log file when Debug Logging is enabled. It then uses the stolen cookies to upload and execute a malicious plugin for remote code execution.