
# CVE-2020-35489 PoC — WordPress contact-form-7 code issue vulnerability

**Associated Vulnerability**

**Title:** WordPress contact-form-7 code issue vulnerability (CVE-2020-35489)

**Description:** WordPress contact-form-7 is a plugin from the WordPress Foundation that provides forms for WordPress. Versions of the contact-form-7 (aka Contact Form 7) plugin before 5.3.2 contain a security vulnerability that allows unrestricted file upload and remote code execution, because a filename may contain special characters.

**Description**

WordPress Sites Vulnerability Checker for CVE-2020-35489

**Readme**
# wp_CVE-2020-35489_checker

## CVE-2020-35489 - Introduction

The wp_CVE-2020-35489_checker is a Python command-line tool designed to check if a WordPress website is vulnerable to CVE-2020-35489. This particular vulnerability stems from a security flaw in the WordPress Contact Form 7 plugin versions before 5.3.2. It enables unauthenticated attackers to upload malicious scripts via form fields, due to insufficient input validation and sanitization, potentially leading to remote code execution on the affected site.

## Legal Warning

This script, "wp_CVE-2020-35489_checker", is provided solely for educational and ethical purposes. It is designed to help website administrators, security researchers, and cybersecurity professionals assess whether WordPress websites are vulnerable to the CVE-2020-35489 vulnerability.

By using this script, you agree to the following conditions:

1. **Educational Use Only**: The primary intent of this script is to promote awareness and understanding of cybersecurity vulnerabilities. It should be used strictly in a controlled, educational, or testing environment.

2. **Consent and Authorization**: You must have explicit authorization or own the website(s) you are testing with this script. Using this script on any website without proper authorization is unethical and may be illegal in your jurisdiction.

3. **No Malicious Intent**: This script should not be used for any illegal or unethical activities such as unauthorized accessing, damaging, or exploiting of websites and their data.

4. **Legal Compliance**: Users are responsible for ensuring their use of the script is in compliance with all relevant laws and regulations in their jurisdiction, including but not limited to data protection, privacy, and cybersecurity laws.

5. **Liability Disclaimer**: The creators and contributors of the wp_CVE-2020-35489_checker will not be held liable for any misuse of the script, nor for any damage, loss, or legal consequences resulting from such misuse.

By downloading, copying, or using this script, you acknowledge and agree that you understand these conditions and will use the tool responsibly. Misuse of this tool is strictly against its intended purpose and could result in legal action.

## How to use this tool

### Install the necessary dependencies

```shell
python -m pip install aiofiles aiohttp packaging
```

### Run the script

```text
python cve_2020_35489_checker.py -h
usage: cve_2020_35489_checker.py [-h] [-d DOMAIN] [-i INPUT_FILE] [-o OUTPUT_FILE]

Checks if a WordPress website is vulnerable to CVE-2020-35489.

options:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Check a single site (Example: python cve_2020_35489_checker.py -d example.com)
  -i INPUT_FILE, --input-file INPUT_FILE
                        Check multiple sites from a text file (Example: python cve_2020_35489_checker.py -i list.txt -o vulnerable.txt)
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        Output file for the list of vulnerable sites
```
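The checker reports a site as affected when its Contact Form 7 version is below 5.3.2, the fixed release named in the advisory above. The block below is an added example, not code from the wp_CVE-2020-35489_checker project: it shows how that version decision should be made once the plugin's readme has been obtained (fetching it over the network is left out). The `Stable tag:` header format of a WordPress plugin readme.txt and the sample readme text are assumptions constructed for the example; version comparison uses the `packaging` library already listed among the tool's dependencies, and a deliberately naive string comparison is included to show why it misclassifies a version such as 5.3.10.

```python
"""Version-range assessment for CVE-2020-35489 (Contact Form 7 < 5.3.2).

Added example; it is not the wp_CVE-2020-35489_checker script. The
"Stable tag:" header format of a WordPress plugin readme.txt is assumed,
and the sample readme below is constructed for this example.
"""
import re
from typing import Optional

from packaging.version import InvalidVersion, Version

# From the advisory on this page: versions before 5.3.2 are affected.
FIXED_VERSION = Version("5.3.2")

# Assumed readme.txt header format, e.g. "Stable tag: 5.3.1".
STABLE_TAG_RE = re.compile(
    r"^\s*Stable tag:\s*(\S+)\s*$", re.IGNORECASE | re.MULTILINE
)

# Constructed sample of a plugin readme.txt (not taken from any real site).
SAMPLE_README = """=== Contact Form 7 ===
Requires at least: 5.5
Stable tag: 5.3.1
License: GPLv2 or later
"""


def extract_version(readme_text: str) -> Optional[str]:
    """Return the 'Stable tag' value from a plugin readme, or None if absent."""
    match = STABLE_TAG_RE.search(readme_text)
    return match.group(1) if match else None


def is_vulnerable_version(version_string: str) -> Optional[bool]:
    """True if the version is below 5.3.2, False if it is 5.3.2 or later,
    None if the string is not a parseable version (for example 'trunk')."""
    try:
        return Version(version_string) < FIXED_VERSION
    except InvalidVersion:
        return None


def naive_is_vulnerable(version_string: str) -> bool:
    """The wrong way: lexicographic string comparison. Kept only to show
    why it misclassifies versions such as 5.3.10 (it says 'vulnerable')."""
    return version_string < "5.3.2"


def assess(readme_text: str) -> dict:
    """Combine extraction and comparison into one verdict for a readme."""
    version = extract_version(readme_text)
    if version is None:
        return {"version": None, "vulnerable": None, "reason": "no Stable tag found"}
    verdict = is_vulnerable_version(version)
    if verdict is None:
        return {"version": version, "vulnerable": None, "reason": "unparseable version"}
    reason = "below fixed version 5.3.2" if verdict else "5.3.2 or later"
    return {"version": version, "vulnerable": verdict, "reason": reason}


if __name__ == "__main__":
    print(assess(SAMPLE_README))
    for v in ("5.1.6", "5.3.1", "5.3.2", "5.3.10", "trunk"):
        print(v, "packaging:", is_vulnerable_version(v), "naive:", naive_is_vulnerable(v))
```

A verdict of `None` should be reported as "unknown" rather than silently treated as safe: a readme without a stable tag, or one that reads `trunk`, tells you nothing about the installed version, and a scanner that drops such sites from its vulnerable list will undercount.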

## Realization / Insight

At the time of disclosure (12/17/2020), it was estimated that approximately 5 million websites were affected. How many are still affected?

## For fun (or scientific research) - Google Dork

```
inurl:/wp-content/plugins/contact-form-7/
```

## References about the vulnerability

- Honor Reference: [Check-WP-CVE-2020-35489](https://github.com/dn9uy3n/Check-WP-CVE-2020-35489) - This was the program I used as a reference to create wp_CVE-2020-35489_checker.
- Technical Reference with exploitation examples: [CVE-2020-35489 - CWE-434](https://cwe.mitre.org/data/definitions/434.html)
- Exploit Reference [WordPress Plugin contact-form-7 5.1.6 - Remote File Upload](https://www.exploit-db.com/exploits/48062)

## Beta Executable for Windows

**Download:** [Release v1.0-Beta1 - Download](https://github.com/reneoliveirajr/wp_CVE-2020-35489_checker/releases/tag/v1.0-beta.1)  
**Discussion:** [Release v1.0-Beta1 - Discussion](https://github.com/reneoliveirajr/wp_CVE-2020-35489_checker/discussions/4)  

**File Name:** wp_CVE-2020-35489_checker_v1.0-beta.1.exe  
**CRC-32:** 23d09689  
**SHA-1:** 057764d27bcbc51d4b115aa94df69dd35776c265  
**SHA-256:** 00ad875be0e475ce79cb8fcbc18c5df6caae9157544e9fe07ab5ed265f609d8d  
**SHA-512:** 8b640cea240e12039b7685965c8dc55a01ae92421c9052c08272f6eaf3e9c5c2015ee12f5bd52bbe331c65563399cc9f2ebd3e71dadb1c8875e600a34cd493e2  

![image](https://github.com/reneoliveirajr/wp_CVE-2020-35489_checker/assets/74079397/975705ae-aa85-4f8f-8e36-1004c1c0398c)


## Always continuously improving...

### Contributions

We are open to code contributions! If you know how to reduce the lines of code, improve performance, or add a feature that aligns with the program's objective, bring it on!

### Support

For bug reports or feature requests, please open an issue on our GitHub repository. When reporting a bug, try to include as much detail as possible - for example, steps to reproduce the bug, the operating system you're using, and so on.

If you have a question that isn't answered in our documentation, you can also open an issue and we'll do our best to assist.

### Code Analysis

[![Quality gate](https://sonarcloud.io/api/project_badges/quality_gate?project=reneoliveirajr_wp_CVE-2020-35489_checker)](https://sonarcloud.io/summary/new_code?id=reneoliveirajr_wp_CVE-2020-35489_checker)

[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=reneoliveirajr_wp_CVE-2020-35489_checker&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=reneoliveirajr_wp_CVE-2020-35489_checker)
[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=reneoliveirajr_wp_CVE-2020-35489_checker&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=reneoliveirajr_wp_CVE-2020-35489_checker)
[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=reneoliveirajr_wp_CVE-2020-35489_checker&metric=bugs)](https://sonarcloud.io/summary/new_code?id=reneoliveirajr_wp_CVE-2020-35489_checker)
[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=reneoliveirajr_wp_CVE-2020-35489_checker&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=reneoliveirajr_wp_CVE-2020-35489_checker)
[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=reneoliveirajr_wp_CVE-2020-35489_checker&metric=code_smells)](https://sonarcloud.io/summary/new_code?id=reneoliveirajr_wp_CVE-2020-35489_checker)
[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=reneoliveirajr_wp_CVE-2020-35489_checker&metric=ncloc)](https://sonarcloud.io/summary/new_code?id=reneoliveirajr_wp_CVE-2020-35489_checker)
[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=reneoliveirajr_wp_CVE-2020-35489_checker&metric=sqale_index)](https://sonarcloud.io/summary/new_code?id=reneoliveirajr_wp_CVE-2020-35489_checker)
[![Duplicated Lines (%)](https://sonarcloud.io/api/project_badges/measure?project=reneoliveirajr_wp_CVE-2020-35489_checker&metric=duplicated_lines_density)](https://sonarcloud.io/summary/new_code?id=reneoliveirajr_wp_CVE-2020-35489_checker)
**File Snapshot**

```text
/data/pocs/9f455ef0ba2b33ad71ee3e03f5449ff459dbbe7d
├── cve_2020_35489_checker.py  (3.8K)
├── LICENSE                    (1.0K)
└── README.md                  (7.0K)
0 directories, 3 files
```