CVE-2022-0316 PoC — Code issue vulnerability in multiple WordPress themes

Source
Associated Vulnerability
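Title: Code issue vulnerability in multiple WordPress themes (CVE-2022-0316)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. It supports hosting personal blog sites on servers running PHP and MySQL. A WordPress theme is a theme for WordPress. Multiple WordPress themes contain a code issue vulnerability: several themes from ChimpStudio and PixFill perform no authorization or upload validation in the lang_upload.php file, which allows any unauthenticated attacker to upload arbitrary files to the web server.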
Description
( Wordpress Exploit ) Wordpress Multiple themes - Unauthenticated Arbitrary File Upload
Readme

# Wordpress Multiple themes - Unauthenticated Arbitrary File Upload

[CVE-2022-0316](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0316) Unauthenticated Arbitrary File Upload in multiple themes from ChimpStudio and PixFill.

For more exploits and exclusive ones contact me on telegram [@KtN1990](https://t.me/KtN1990).

## Affected Themes

- westand
- footysquare
- aidreform
- statfort
- club-theme
- kingclub-theme
- spikes
- spikes-black
- soundblast
- bolster
- rocky-theme
- bolster-theme
- theme-deejay
- snapture
- onelife
- churchlife
- soccer-theme
- faith-theme
- statfort-new
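
For site owners, a local audit of an install against the list above. This is an added example, not code from the original repository: it only reads the local filesystem, assumes the default `wp-content/themes` layout, and the sample tree it builds (including the `include/` sub-path and the `my-site-theme` name) is constructed for the demonstration.

```python
import os, sys, tempfile

# Theme directory names copied from the affected-themes list on this page.
AFFECTED_THEMES = {
    "westand", "footysquare", "aidreform", "statfort", "club-theme",
    "kingclub-theme", "spikes", "spikes-black", "soundblast", "bolster",
    "rocky-theme", "bolster-theme", "theme-deejay", "snapture", "onelife",
    "churchlife", "soccer-theme", "faith-theme", "statfort-new",
}
HANDLER = "lang_upload.php"  # file named in the CVE description


def audit_themes(wp_root):
    """Report themes that are on the affected list or ship the upload handler."""
    themes_dir = os.path.join(wp_root, "wp-content", "themes")  # assumed default layout
    findings = []
    if not os.path.isdir(themes_dir):
        return findings
    for name in sorted(os.listdir(themes_dir)):
        theme_path = os.path.join(themes_dir, name)
        if not os.path.isdir(theme_path):
            continue
        # Search the whole theme: the page does not give the file's sub-path.
        hits = sorted(
            os.path.relpath(os.path.join(dirpath, f), wp_root)
            for dirpath, _dirs, files in os.walk(theme_path)
            for f in files if f.lower() == HANDLER
        )
        listed = name.lower() in AFFECTED_THEMES
        if listed or hits:  # a renamed copy still shows up through the file hit
            findings.append({"theme": name, "listed": listed, "handlers": hits})
    return findings


def build_sample_tree(root):
    """Constructed sample install: two listed themes, one renamed copy, one clean theme."""
    for rel in ("westand/include/lang_upload.php", "my-site-theme/lang_upload.php",
                "twentytwenty/index.php", "spikes/style.css"):
        path = os.path.join(root, "wp-content", "themes", *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        root = sys.argv[1] if len(sys.argv) > 1 else (build_sample_tree(demo) or demo)
        for f in audit_themes(root):
            print(f"{f['theme']}: listed={f['listed']} handlers={f['handlers'] or 'none found'}")
```

Pass the WordPress root as the first argument to audit a real install. Any reported handler path is also the path to look for in the web server's access logs.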

## Usage

To run this exploit you need Python 3 and a list of websites, then execute:

```bash
  python3 exploit.py -l list.txt -t 100
```


| Parameter | Type     | Description                |
| :-------- | :------- | :------------------------- |
| `-l` | `string` | **Required**. Your websites list |
| `-t` | `int` | Number of threads (100 by default) |

## Contact

- [@KtN1990](https://t.me/KtN1990)


## More Exploits, Check Megatron!

![Logo](https://raw.githubusercontent.com/KTN1990/CVE-2022-0316_wordpress_multiple_themes_exploit/main/files/megatron.jpg)


- Provides an easy and efficient way to assess and exploit Wordpress security holes for mass purposes.
- 97+ Exploits, all types (RCE, LOOTS, AUTHBYPASS...).
- Customizable config.
- Monthly free updates including more code optimization, bug fixes, and more exploits plus 0days.
- Strong code base and custom threading and process model using a tasks management feature, getting reliable results is assured; no need to talk about speed since at KTN we use unconventional methods for concurrency.
- [Telegram Channel](https://t.me/megatron_ktn)



## Demo

[![Demo video](https://i.ytimg.com/vi_webp/k6kRSlCIv4g/mqdefault.webp)](https://www.youtube.com/watch?v=k6kRSlCIv4g)

## License

[MIT](https://choosealicense.com/licenses/mit/)

File Snapshot

```
[4.0K] /data/pocs/5fe1757f03ebb36f28dfa981a8b058b1655ad73d
├── [3.7K] exploit.py
├── [4.0K] files
│   ├── [118K] logo.png
│   └── [4.8M] megatron.jpg
├── [1.0K] LICENSE
└── [1.9K] README.md

1 directory, 5 files
```