Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-4047 PoC — WordPress Plugin WooCommerce 代码问题漏洞

Source
https://github.com/entroychang/CVE-2022-4047
Associated Vulnerability
Title:WordPress Plugin WooCommerce 代码问题漏洞 (CVE-2022-4047)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin WooCommerce 4.0.9之前版本存在代码问题漏洞,该漏洞源于对未经身份验证用户通过AJAX操作上传的附件文件没有验证,这可能允许他们上传任意文件(例如PHP)并导致RCE。
Description
CVE-2022-4047 poc
Readme
# CVE-2022-4047

> Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload

## Usage

```
 @@@@@@@  @@@  @@@  @@@@@@@@              @@@@@@    @@@@@@@@    @@@@@@    @@@@@@                   @@@    @@@@@@@@        @@@   @@@@@@@@  
@@@@@@@@  @@@  @@@  @@@@@@@@             @@@@@@@@  @@@@@@@@@@  @@@@@@@@  @@@@@@@@                 @@@@   @@@@@@@@@@      @@@@   @@@@@@@@  
!@@       @@!  @@@  @@!                       @@@  @@!   @@@@       @@@       @@@                @@!@!   @@!   @@@@     @@!@!        @@!  
!@!       !@!  @!@  !@!                      @!@   !@!  @!@!@      @!@       @!@                !@!!@!   !@!  @!@!@    !@!!@!       !@!   
!@!       @!@  !@!  @!!!:!    @!@!@!@!@     !!@    @!@ @! !@!     !!@       !!@    @!@!@!@!@   @!! @!!   @!@ @! !@!   @!! @!!      @!!    
!!!       !@!  !!!  !!!!!:    !!!@!@!!!    !!:     !@!!!  !!!    !!:       !!:     !!!@!@!!!  !!!  !@!   !@!!!  !!!  !!!  !@!     !!!     
:!!       :!:  !!:  !!:                   !:!      !!:!   !!!   !:!       !:!                 :!!:!:!!:  !!:!   !!!  :!!:!:!!:   !!:      
:!:        ::!!:!   :!:                  :!:       :!:    !:!  :!:       :!:                  !:::!!:::  :!:    !:!  !:::!!:::  :!:       
 ::: :::    ::::     :: ::::             :: :::::  ::::::: ::  :: :::::  :: :::::                  :::   ::::::: ::       :::    ::       
 :: :: :     :      : :: ::              :: : :::   : : :  :   :: : :::  :: : :::                  :::    : : :  :        :::   : :       
                                                                                                                                          

usage: exploit.py [-h] [-u URL] [-f FILE]

CVE-2022-4047 - Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload (Mass PHP File Upload)

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     url
  -f FILE, --file FILE  url list
```

* Remeber to install `requests`
    * `pip3 install requests`
* `python3 exploit.py -u url`
* `python3 exploit.py -f file_path`
* Results for both types mentioned above will be saved in either vuln.txt or novuln.txt. If the target is found to be vulnerable, the path to the webshell will be recorded in uploaded.txt.
* Just a note: I have set up a proxy on port 8080 for easier monitoring of the situation, so remember to turn on your burp suite XD.
File Snapshot

 [4.0K]  /data/pocs/5c41adb529c5d09cd7cede492053330896afe83c
├── [5.9K]  exploit.py
├── [2.4K]  README.md
└── [  38]  testing.php

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.