Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-17207 PoC — Snap Creek Duplicator 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-17207.yaml
Associated Vulnerability
Title:Snap Creek Duplicator 安全漏洞 (CVE-2018-17207)
Description:Snap Creek Duplicator是一款用于迁移和备份WordPress网站的工具。 Snap Creek Duplicator 1.2.42之前版本中存在安全漏洞。攻击者可通过访问installer.php文件和installer-backup.php文件利用该漏洞在数据库设置步骤过程中将PHP代码注入wp-config.php文件,进而执行任意代码。
Description
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
File Snapshot

 id: CVE-2018-17207

info:
  name: WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution
  

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.