Associated vulnerability
Title: WordPress plugin MStore API security vulnerability (CVE-2023-3076)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that supports hosting a personal blog site on a server running PHP and MySQL. A WordPress plugin is an application add-on. WordPress plugin MStore API versions before 3.9.9 contain a security vulnerability: the plugin does not prevent visitors from creating user accounts with a role of their choice through its wholesale REST API endpoint.
Description
Automatic mass tool for checking and exploiting the vulnerability in CVE-2023-3076 - MStore API < 3.9.9 - Unauthenticated Privilege Escalation (Mass Add Admin + PHP File Upload)
Introduction
# MSAPer | CVE-2023-3076 - MStore API
Automatic mass tool for checking and exploiting the vulnerability in CVE-2023-3076 - MStore API < 3.9.9 - Unauthenticated Privilege Escalation (Mass Add Admin + PHP File Upload)<br><br>
<img src="https://github.com/im-hanzou/MSAPer/blob/main/image/msaper.png" width=600><br>
- Uses GNU Parallel. You must have parallel installed to run this tool.<br>
- <b>If you get an error like "$'\r': command not found", just run "dos2unix msaper.sh"</b>
# Install Parallel
- Linux : <code>apt-get install parallel -y</code><br>
- Windows : You can install WSL (Windows Subsystem for Linux) and then install it the same way as on Linux.<br>If you want to use Windows without WSL, install <a href="https://git-scm.com/download/win">GitBash</a>, then run these commands to install parallel: <br>
[#] <code>curl pi.dk/3/ > install.sh </code><br>
[#] <code>sha1sum install.sh | grep 12345678 </code><br>
[#] <code>md5sum install.sh </code><br>
[#] <code>sha512sum install.sh </code><br>
[#] <code>bash install.sh</code><br>
# How To Use
- <b>Make sure you have already installed Parallel!</b> Then do:
- [#] <code>git clone https://github.com/im-hanzou/MSAPer.git</code>
- [#] <code>cd MSAPer && chmod +x msaper.sh</code>
- [#] For Linux or WSL: <code>./msaper.sh list.txt thread</code>
- [#] For Gitbash: <code>TMPDIR=/tmp ./msaper.sh list.txt thread</code>
# Reference
- https://nvd.nist.gov/vuln/detail/CVE-2023-3076
- https://wpscan.com/vulnerability/ac662436-29d7-4ea6-84e1-f9e229b44f5b
- https://github.com/advisories/GHSA-gwr5-qqvh-c57m
# Disclaimer:
- <b><i>This tool is for educational purposes only. Use it responsibly and with proper authorization. The author is not responsible for any misuse.</i></b>
File snapshot
[4.0K] /data/pocs/5e03cfee0a147e72607099997fa2275c91739f5c
├── [ 89K] config.tifa.json.php
├── [4.0K] image
│ └── [129K] msaper.png
├── [ 51] list.txt
├── [3.2K] msaper.sh
└── [1.6K] README.md
1 directory, 5 files
Notes
1. It is recommended to access the code through the original source first.
2. If the source is no longer available or cannot be accessed, send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you. To support long-term maintenance, please consider paying/donating for local POCs. Thank you for your support.