CVE-2014-0166 PoC — WordPress Authorization Issue Vulnerability

Source
Associated Vulnerability
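Title: WordPress Authorization Issue Vulnerability (CVE-2014-0166)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. An authorization issue vulnerability exists in the 'wp_validate_auth_cookie' function in the wp-includes/pluggable.php file in WordPress 3.7.1 and earlier and in 3.8.x versions before 3.8.2. The vulnerability stems from the program not correctly verifying the validity of authentication cookies. A remote attacker can exploit this vulnerability with forged cookies to gain access.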
Description
POC of CVE-2014-0166 (WordPress cookie forgery vulnerability)
Readme
## POC & EXP of CVE-2014-0166
#### WordPress < 3.8.2 cookie forgery vulnerability

**Details of this vulnerability can be found [here](http://www.ettack.org/wordpress-cookie-forgery/)**

There are three files:

* _wp\_zero\_cookie\_generator.php_
    * **POC to verify this vulnerability.**  
        * It **won't** send any requests; it is just a local brute-forcer.  
        * Redefine the variables to supply info, and it will try to find a **_zero cookie_**.

* _zeroCatcher.py_
    * **Multiprocessing POC written in Python**
        * The same as _wp\_zero\_cookie\_generator.php_,
        * except that multiprocessing is applied for better performance.
        
* _cookieForger.py_
    * **Multi-threaded remote EXP**  
        * Read the source code and you will understand **_everything_** about it.  
File Snapshot

[4.0K] /data/pocs/19861b2b8124a33cad609571f7a309bccb67826e
├── [2.9K] cookieForger.py
├── [ 803] README.md
├── [1.4K] wp_zero_cookie_generator.php
└── [1.2K] zeroCather.py

0 directories, 4 files