Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-21389 PoC — WordPress 安全漏洞

Source
https://github.com/mynameSumin/CVE-2021-21389
Associated Vulnerability
Title:WordPress 安全漏洞 (CVE-2021-21389)
Description:WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress BuddyPress 7.2.1 存在安全漏洞,该漏洞源于非特权的普通用户可以通过利用REST API成员端点中的问题获得管理员权限。
Description
경희대 졸업프로젝트
Readme
## 사용법
1. docker를 build하여 취약한 wordpress, buddypress 환경을 구성한다.  
2. mariaDB container를 build하고 실행한다.  
3. 두 개의 컨테이너를 같은 네트워크에서 실행되도록 만든다.  
   ex) docker network create wordpress_network  
  docker network connect wordpress_network wordpress_app  
  docker network connect wordpress_network wordpress_db
4. 다음 명령어를 통해 payload를 실행한다.  
   python3 CVE-2021-21389.py http://localhost:8080 test 1234 whoami
File Snapshot

 [4.0K]  /data/pocs/99a72c11cea67c6e1352eac88b9f5157583c1088
├── [4.7K]  CVE-2021-21389.py
├── [1.5K]  Dockerfile
├── [ 523]  README.md
└── [4.0K]  src
    ├── [7.1K]  apache2.conf
    ├── [  94]  start.sh
    ├── [719K]  wordpress.sql
    └── [3.3K]  wp-config.php

1 directory, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.