
CVE-2022-0165 PoC — WordPress plugin input validation vulnerability

Associated Vulnerability
Title: WordPress plugin input validation vulnerability (CVE-2022-0165)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation; it lets users host a personal blog site on a server running PHP and MySQL. A WordPress plugin is an open-source application plugin for WordPress. Page Builder KingComposer for WordPress, versions 2.9.6 and earlier, contains an input validation vulnerability: the kc_get_thumbn AJAX action does not validate the id parameter before redirecting the user to it.
Description
A PoC exploit for CVE-2022-0165 - Page Builder KingComposer WordPress Plugin - ID Parameter Validation Bypass
Readme
# CVE-2022-0165 - Page Builder KingComposer WordPress Plugin - ID Parameter Validation Bypass

The Page Builder KingComposer WordPress plugin, versions up to and including 2.9.6, is susceptible to a security vulnerability that allows an attacker to bypass ID parameter validation. This could lead to unauthorized redirection of users via the kc_get_thumbn AJAX action. This vulnerability has been assigned the identifier CVE-2022-0165.

# Vulnerability Details

CVE ID: CVE-2022-0165
Type: ID Parameter Validation Bypass
Affected Versions: Up to and including 2.9.6

The vulnerability arises due to inadequate validation of the id parameter when processing the kc_get_thumbn AJAX action. This action is available to both unauthenticated and authenticated users.

# Impact

Exploiting this vulnerability could allow an attacker to craft a malicious URL with a specially crafted id parameter. When a user, especially an authenticated administrator, interacts with this URL, they could be redirected to an unintended destination. This can potentially lead to phishing attacks, malware distribution, or other malicious activities.

# Proof of Concept (PoC)

To demonstrate the vulnerability, you can follow these steps:

1. Craft a malicious URL with a manipulated id parameter. For example:

   `http://your-wordpress-site.com/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=malicious_url`

2. Share the crafted URL with a victim, enticing them to click on it.

3. When the victim interacts with the URL, the vulnerable plugin will not properly validate the id parameter, potentially leading to unintended redirection.

# Mitigation

To mitigate the vulnerability, it is recommended to update the Page Builder KingComposer plugin to the latest version available. Plugin updates often include security fixes that address such vulnerabilities. Regularly updating plugins and themes is a best practice to ensure your WordPress site's security.
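As an added detection example (not part of the PoC repository or the plugin's code), the following Python script scans web-server access log lines for requests to admin-ajax.php with action=kc_get_thumbn whose id parameter is not a plain integer. The log lines are constructed samples, and the rule that a legitimate id is a numeric attachment ID is my assumption, not something the page states.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2022:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2022:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=malicious_url HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2022:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 128 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2022:10:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https%3A%2F%2Fexample.net%2Flanding HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Pulls client IP, timestamp, request target and status out of a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_kc_requests(log_text):
    """Return (ip, timestamp, decoded id, status) for each kc_get_thumbn request
    whose id parameter is not a bare integer.

    Assumption (mine): a legitimate call passes a numeric WordPress attachment ID,
    so anything else, including a URL-encoded redirect target, is worth a look.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        query = parse_qs(parts.query)  # percent-decodes values for us
        if query.get("action", [""])[0] != "kc_get_thumbn":
            continue
        for id_value in query.get("id", [""]):  # missing id counts as suspicious too
            if not id_value.isdigit():
                hits.append((m.group("ip"), m.group("ts"), id_value, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for hit in suspicious_kc_requests(SAMPLE_LOG):
        print("suspicious kc_get_thumbn request:", hit)
```

A 302 on a flagged request is the strongest signal that the redirect actually fired; on a patched site the same request should not produce one.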
File Snapshot

[4.0K] /data/pocs/8ae9075fcc3ee20df290c84eb217157d85a27d77
├── [ 290] CVE-2022-0165.sh
└── [1.9K] README.md

0 directories, 2 files