
CVE-2022-0165 PoC: WordPress plugin input validation error vulnerability

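Related vulnerability
Title: WordPress plugin input validation error vulnerability (CVE-2022-0165)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an open-source application plugin for WordPress. The Page Builder KingComposer plugin for WordPress, version 2.9.6 and earlier, has an input validation error vulnerability that arises because the kc_get_thumbn AJAX action does not validate the id parameter before redirecting the user to it.
Description
A PoC exploit for CVE-2022-0165 - Page Builder KingComposer WordPress Plugin - ID Parameter Validation Bypass
Introduction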
# CVE-2022-0165 - Page Builder KingComposer WordPress Plugin - ID Parameter Validation Bypass

The Page Builder KingComposer WordPress plugin, versions up to and including 2.9.6, is susceptible to a security vulnerability that allows an attacker to bypass ID parameter validation. This could lead to unauthorized redirection of users via the kc_get_thumbn AJAX action. This vulnerability has been assigned the identifier CVE-2022-0165.

# Vulnerability Details

- CVE ID: CVE-2022-0165
- Type: ID Parameter Validation Bypass
- Affected Versions: Up to and including 2.9.6

The vulnerability arises due to inadequate validation of the id parameter when processing the kc_get_thumbn AJAX action. This action is available to both unauthenticated and authenticated users.

# Impact

Exploiting this vulnerability could allow an attacker to craft a malicious URL with a specially crafted id parameter. When a user, especially an authenticated administrator, interacts with this URL, they could be redirected to an unintended destination. This can potentially lead to phishing attacks, malware distribution, or other malicious activities.

# Proof of Concept (PoC)

To demonstrate the vulnerability, you can follow these steps:

1. Craft a malicious URL with a manipulated id parameter. For example:

   `http://your-wordpress-site.com/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=malicious_url`

2. Share the crafted URL with a victim, enticing them to click on it.

3. When the victim interacts with the URL, the vulnerable plugin will not properly validate the id parameter, potentially leading to unintended redirection.

# Mitigation

To mitigate the vulnerability, it is recommended to update the Page Builder KingComposer plugin to the latest version available. Plugin updates often include security fixes that address such vulnerabilities. Regularly updating plugins and themes is a best practice to ensure your WordPress site's security.
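
To check whether a site has already received such requests, the following added example (not part of the original README or the plugin) scans access log lines for `kc_get_thumbn` requests whose `id` parameter names an off-site host. The combined log format, the `SITE_HOSTS` allowlist, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOSTS = {"blog.example.test"}  # assumption: hostnames this site legitimately serves
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def offsite_redirect_target(request_uri):
    """Return the off-site host named by id= on a kc_get_thumbn request, else None."""
    parts = urlsplit(request_uri)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    query = parse_qs(parts.query)  # parse_qs percent-decodes the values
    if "kc_get_thumbn" not in query.get("action", []):
        return None
    for value in query.get("id", []):
        # Browsers treat backslashes like slashes, so normalise before parsing.
        try:
            target = urlsplit(value.strip().replace("\\", "/"))
        except ValueError:  # malformed host such as an unclosed IPv6 bracket
            continue
        host = (target.hostname or "").lower()
        if host and host not in SITE_HOSTS:
            return host
    return None

def scan(lines):
    """Yield (line_number, host) for every log line carrying an off-site id."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        host = offsite_redirect_target(match.group(1)) if match else None
        if host:
            yield number, host

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2022:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=42 HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Jan/2022:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https%3A%2F%2Fphish.example.net%2Flogin HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Jan/2022:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?id=//phish.example.net&action=kc_get_thumbn HTTP/1.1" 302 0',
    '203.0.113.4 - - [10/Jan/2022:10:00:12 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&id=https://other.example.org HTTP/1.1" 200 12',
    '203.0.113.5 - - [10/Jan/2022:10:00:15 +0000] "GET /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://blog.example.test/a.png HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for number, host in scan(SAMPLE_LOG):
        print(f"line {number}: kc_get_thumbn id points off-site to {host}")
```

Access logs in this format record only the query string, so an `id` submitted in a request body would not be visible to this check.
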

File snapshot

[4.0K] /data/pocs/8ae9075fcc3ee20df290c84eb217157d85a27d77
├── [ 290] CVE-2022-0165.sh
└── [1.9K] README.md

0 directories, 2 files