关联漏洞
Description
CVE-2023-28121 - WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ]
介绍
# CVE-2023-28121
WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ]
# Introduction
- This script using Python3 and use threading for better process speed. The script has ben updated to 2 version. V1 is the old version and V2 the newer version with random username, email and password string. After you get some results dont forget to change your email in wordpress user dashboard. Dont use many threads if your machine is potato-end xD. <br>
- For installing requirements, do ```pip install -r requirements.txt```
# Reference
- https://wpscan.com/vulnerability/0f78a245-866c-462e-bd23-43dfadb57072<br>
- https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce<br>
- https://developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know<br>
- https://github.com/rapid7/metasploit-framework/issues/18159<br>
- https://github.com/killvxk/POCS/blob/c22d5834686fcbd8ed21bf4de965447962d0ecc0/CVE-2023-28121#L4<br>
- https://github.com/gbrsh/CVE-2023-28121
文件快照
[4.0K] /data/pocs/6d899c158d0b6cd0b44b080dff204195d0532660
├── [3.9K] mass-exploit-v1.py
├── [5.5K] mass-exploit-v2.py
├── [1.1K] README.md
├── [ 26] requirements.txt
└── [ 24] results.txt
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。