
CVE-2019-11223 PoC — WordPress SupportCandy plugin code issue vulnerability

Associated Vulnerability
Title: WordPress SupportCandy plugin code issue vulnerability (CVE-2019-11223)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports hosting personal blog sites on servers running PHP and MySQL. The SupportCandy plugin is a ticketing system plugin used with it. WordPress SupportCandy plugin versions 2.0.0 and earlier contain an arbitrary file download vulnerability. A remote attacker could exploit this vulnerability to execute arbitrary code by uploading a file with an executable extension.
Description
CVE-2019-11223 - Arbitrary File Upload in WordPress Support Candy Plugin Version 2.0 and Below
Readme
# CVE-2019-11223
Arbitrary File Upload in WordPress Plugin SupportCandy Version 2.0 and Below
* https://cert.kalasag.com.ph/news/research/vulnerable-wordpress-plugin-lets-you-take-over-websites/
* https://wordpress.org/plugins/supportcandy/#developers
* https://www.pluginvulnerabilities.com/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/

## Getting Started
```
git clone https://github.com/AngelCtulhu/CVE-2019-11223.git
```
### Prerequisites
```
pip install requests
```

#### Exploitation

In exploit.py, change localhost to your target.

```
python exploit.py
"http:\/\/localhost\/wp-content\/uploads\/wpsc\/1555513124_shell.php"
```
## Authors

* **Christian Angel** - [KALASAG CERT](https://cert.kalasag.com.ph/)

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details
File Snapshot

```
[4.0K] /data/pocs/75076fbb5827140ac29e6e12f089d7cf3c78574f
├── [1.0K] LICENSE
├── [ 837] README.md
├── [ 114] shell.php
└── [ 209] upload.py

0 directories, 4 files
```