CVE-2023-5561 PoC — WordPress plugin Popup Builder 信息泄露漏洞

Source

https://github.com/rootxsushant/CVE-2023-5561-POC-Updated

Associated Vulnerability

Title:WordPress plugin Popup Builder 信息泄露漏洞 (CVE-2023-5561)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Popup Builder 4.1.15 版本及之前版本存在信息泄露漏洞，该漏洞源于在将某些字段回显至页面之前，没有经过充分的转义和清理。

Description

Updated POC for Unauth Post Author Email Disclosures WordPress CVE-2023-5561

Readme

# CVE-2023-5561-POC-Updated

This repository contains a modified version of the original Proof-of-Concept (PoC) for CVE-2023-5561. The original PoC, which can be found <a href=https://github.com/pog007/CVE-2023-5561-PoC>here</a>, sends a high volume of requests in parallel, which may trigger Web Application Firewalls (WAFs) or cause the server to block the connection due to excessive traffic.

# Modification

- Added a 10-second delay between each request in the bruteforce_search function using time.sleep(10). This helps prevent the PoC from overwhelming the target server.
- The core functionality of the exploit remains unchanged, ensuring the PoC still works effectively while reducing the likelihood of detection and blocking.

# Usage

``` python3 poc.py <target site root url> ```

This version is useful for conducting responsible security assessments while minimizing the risk of being blocked due to aggressive request patterns.

File Snapshot


 [4.0K]  /data/pocs/379a126c1f0efbe051fdb7e455f30ad60739e97a
├── [2.5K]  poc.py
└── [ 944]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!