CVE-2022-4395 PoC — WordPress plugin Membership For WooCommerce code issue vulnerability

Source
Associated Vulnerability
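Title: WordPress plugin Membership For WooCommerce code issue vulnerability (CVE-2022-4395)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Membership For WooCommerce versions before 2.1.7 contain a code issue vulnerability that stems from not validating uploaded files. Attackers can exploit this vulnerability to upload arbitrary files, such as malicious PHP code, and execute code remotely.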
Description
Mass Auto Exploit CVE-2022-4395 Unauthenticated Arbitrary File Upload
Readme
<p align="center">
<img src="https://avatars.githubusercontent.com/u/57594747?s=400&u=da1eec8bf84a62a2ca11230d358dfac0bb000bcd&v=4" alt="png" width="128" height="128"/>
</p>
<p align="center">
<h1 align="center">MASS CVE-2022-4395</h1>
</p>
<p align="center">
<a href="https://github.com/MrG3P5"><img title="Author" src="https://img.shields.io/badge/Author-X MrG3P5-red.svg?style=for-the-badge&logo=github"></a>
</p>
<br>

## Usage

```sh
apt install python3 python3-pip -y
pip3 install -r require.txt
python3 main.py
```

## Preview
![index](https://raw.githubusercontent.com/MrG3P5/CVE-2022-4395/main/Screenshot_20230309-193334_ANDRAX_Hacker's_Platform~2.png)

## Reference
https://wpscan.com/vulnerability/80407ac4-8ce3-4df7-9c41-007b69045c40
File Snapshot

```
[4.0K] /data/pocs/2d6ed915f6e58fec14d6e189c42ab326ecde91d9
├── [2.0K] main.py
├── [ 746] README.md
├── [  27] require.txt
├── [   4] result.txt
├── [ 88K] Screenshot_20230309-193334_ANDRAX_Hacker's_Platform~2.png
└── [ 449] x.php

0 directories, 6 files
```