CVE-2016-10956 PoC — WordPress mail-masta插件输入验证错误漏洞

Source

Associated Vulnerability

Description

Exploit script for WordPress Plugin Mail Masta 1.0 - CVE-2016-10956

Readme

# WordPress Plugin Mail Masta 1.0 - CVE-2016-10956 Exploit

This script exploits the CVE-2016-10956 vulnerability in WordPress Plugin Mail Masta 1.0 to extract credentials from `wp-config.php`.

## How to Use

1. Clone the repository:

    ```bash
    git clone https://github.com/Hakchoven/wp-mail-masta-exploit.git
    ```

2. Navigate to the directory:

    ```bash
    cd wp-mail-masta-exploit/
    ```

3. Run the script with the target URL as an argument:

    ```bash
    python3 mail-masta.py http://example.com/wordpress
    ```

Replace `http://example.com/wordpress` with the target WordPress site URL.

## Proof of Concept (PoC)

[- ![Watch the video](mail_masta_poc.mp4)](https://github.com/Hackhoven/wp-mail-masta-exploit/assets/142750639/1c4b2eef-cae7-496d-ad7b-9bd11102677e
)


## Disclaimer
This script is intended for educational purposes only. The author does not condone or support the use of this script for illegal or unethical activities. This script should only be used in legal security research or CTF environments. Use at your own risk.



---

Made by [Hackhoven](https://github.com/Hakchoven)

File Snapshot

 [4.0K]  /data/pocs/7b64369ec6abfdf31fb9577549ba819100e5cc32
├── [2.8K]  mail-masta-exploit.py
└── [1.1K]  README.md

0 directories, 2 files

Remarks