漏洞平台

POC详情： 27fd206b144aa8a5dc757991aa12e7e12d8e5c34

来源

https://github.com/Cappricio-Securities/CVE-2021-24917

关联漏洞

标题： WordPress 插件安全漏洞 (CVE-2021-24917)
描述：WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress 插件是WordPress开源的一个应用插件。 WordPress插件存在安全漏洞，该漏洞源于在1.9.1之前的WPS隐藏登录WordPress插件有一个bug，它允许通过设置一个随机引用字符串，并以未经身份验证的用户请求wp-admin options.php来获得秘密登录页面。

描述

WordPress WPS Hide Login <1.9.1 - Information Disclosure

介绍


<div align="center">
  <img src="https://blogs.cappriciosec.com/uploaders/CVE-2021-24917-tool.png" alt="logo">
</div>


## Badges



[![MIT License](https://img.shields.io/badge/License-MIT-green.svg)](https://choosealicense.com/licenses/mit/)
![PyPI - Version](https://img.shields.io/pypi/v/CVE-2021-24917)
![PyPI - Downloads](https://img.shields.io/pypi/dm/CVE-2021-24917)
![GitHub all releases](https://img.shields.io/github/downloads/Cappricio-Securities/CVE-2021-24917/total)
<a href="https://github.com/Cappricio-Securities/CVE-2021-24917/releases/"><img src="https://img.shields.io/github/release/Cappricio-Securities/CVE-2021-24917"></a>![Profile_view](https://komarev.com/ghpvc/?username=Cappricio-Securities&label=Profile%20views&color=0e75b6&style=flat)
[![Follow Twitter](https://img.shields.io/twitter/follow/cappricio_sec?style=social)](https://twitter.com/cappricio_sec)
<p align="center">

<p align="center">







## License

[MIT](https://choosealicense.com/licenses/mit/)



## Installation 

1. Install Python3 and pip [Instructions Here](https://www.python.org/downloads/) (If you can't figure this out, you shouldn't really be using this)

   - Install via pip
     - ```bash
          pip install CVE-2021-24917 
        ```
   - Run bellow command to check
     - `CVE-2021-24917 -h`

## Configurations 
2. We integrated with the Telegram API to receive instant notifications for vulnerability detection.
   
   - Telegram Notification
     - ```bash
          CVE-2021-24917 --chatid <YourTelegramChatID>
        ```
   - Open your telegram and search for [`@CappricioSecuritiesTools_bot`](https://web.telegram.org/k/#@CappricioSecuritiesTools_bot) and click start

## Usages 
3. This tool has multiple use cases.
   
   - To Check Single URL
     - ```bash
          CVE-2021-24917 -u http://example.com 
        ```
   - To Check List of URL 
      - ```bash
          CVE-2021-24917 -i urls.txt 
        ```
   - Save output into TXT file
      - ```bash
          CVE-2021-24917 -i urls.txt -o out.txt
        ```
   - Want to Learn about [`CVE-2021-24917`](https://blogs.cappriciosec.com/cve/156/ProxyShell-%20A%20Supply%20Chain%20Nightmare%20-%20CVE-2021-24917%20(Apache%20Solr)))? Then Type Below command
      - ```bash
          CVE-2021-24917 -b
        ```
     
<p align="center">
  <b>🚨 Disclaimer</b>
  
</p>
<p align="center">
<b>This tool is created for security bug identification and assistance; Cappricio Securities is not liable for any illegal use. 
  Use responsibly within legal and ethical boundaries. 🔐🛡️</b></p>


## Working PoC Video

[![asciicast](https://blogs.cappriciosec.com/uploaders/Screenshot%202024-05-29%20at%208.35.14%20AM.png)]( https://asciinema.org/a/CDJY3rZuxnEfKcarENiXfO42Z)




## Help menu

#### Get all items

```bash
👋 Hey karthikeyan
                                                                            v1.0
   _______    ________    ___   ____ ___  ___     ___  __ __  ____ ________
  / ____/ |  / / ____/   |__ \ / __ \__ \<  /    |__ \/ // / / __ <  /__  /
 / /    | | / / __/________/ // / / /_/ // /_______/ / // /_/ /_/ / /  / /
/ /___  | |/ / /__/_____/ __// /_/ / __// /_____/ __/__  __/\__, / /  / /
\____/  |___/_____/    /____/\____/____/_/     /____/ /_/  /____/_/  /_/

                              Developed By https://cappriciosec.com
                              

CVE-2021-24917 : Bug scanner for WebPentesters and Bugbounty Hunters 

$ CVE-2021-24917 [option]

Usage: CVE-2021-24917 [options]
```


| Argument | Type     | Description                | Examples |
| :-------- | :------- | :------------------------- | :------------------------- |
| `-u` | `--url` | URL to scan | CVE-2021-24917 -u https://target.com |
| `-i` | `--input` | filename Read input from txt  | CVE-2021-24917 -i target.txt | 
| `-o` | `--output` | filename Write output in txt file | CVE-2021-24917 -i target.txt -o output.txt |
| `-c` | `--chatid` | Creating Telegram Notification | CVE-2021-24917 --chatid yourid |
| `-b` | `--blog` | To Read about CVE-2021-24917 Bug | CVE-2021-24917 -b |
| `-h` | `--help` | Help Menu | CVE-2021-24917 -h |



## 🔗 Links
[![Website](https://img.shields.io/badge/my_portfolio-000?style=for-the-badge&logo=ko-fi&logoColor=white)](https://cappriciosec.com/)
[![linkedin](https://img.shields.io/badge/linkedin-0A66C2?style=for-the-badge&logo=linkedin&logoColor=white)](https://www.linkedin.com/in/karthikeyan--v/)
[![twitter](https://img.shields.io/badge/twitter-1DA1F2?style=for-the-badge&logo=twitter&logoColor=white)](https://twitter.com/karthithehacker)



## Author

- [@karthithehacker](https://github.com/karthi-the-hacker/)



## Feedback

If you have any feedback, please reach out to us at contact@karthithehacker.com

文件快照


 [4.0K]  /data/pocs/27fd206b144aa8a5dc757991aa12e7e12d8e5c34
├── [4.0K]  cve202124917
│   ├── [4.0K]  includes
│   │   ├── [ 650]  bot.py
│   │   ├── [ 470]  filereader.py
│   │   ├── [   0]  __init__.py
│   │   ├── [2.2K]  scan.py
│   │   └── [ 285]  writefile.py
│   ├── [1.7K]  main.py
│   └── [4.0K]  utils
│       ├── [1.9K]  configure.py
│       ├── [ 937]  const.py
│       ├── [2.3K]  helpers.py
│       ├── [   0]  __init__.py
│       └── [ 227]  status.py
├── [1.0K]  LICENSE
├── [4.6K]  README.md
└── [ 996]  setup.py

3 directories, 14 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。