CVE-2019-15896 PoC — WordPress LifterLMS插件安全漏洞

Source

https://github.com/RandomRobbieBF/CVE-2019-15896

Associated Vulnerability

Title:WordPress LifterLMS插件安全漏洞 (CVE-2019-15896)
Description:WordPress LifterLMS插件3.34.5及之前版本中的class.llms.admin.import.php脚本中的‘upload_import’函数存在安全漏洞。攻击者可利用该漏洞提升权限（创建管理员帐户）、重定向用户或实施跨站脚本攻击。

Description

LifterLMS <= 3.34.5 - Unauthenticated Options Import

Readme

# CVE-2019-15896
LifterLMS &lt;= 3.34.5 - Unauthenticated Options Import

# Description

Unauthenticated Options Import, which could lead to 

- Website Redirection

- Administrator Account Creation

- Content Injection

- Stored XSS

The issues have been reported as fixed in 3.35.0. However v3.35.1 added additional input sanitisation and filtering.


How to use
---
$ python3 CVE-2019-15896.py --url http://wordpress.lan --username radmin --email admin@admin.lan
LifterLMS <= 3.34.5 - Unauthenticated Options Import
Exploit By Ramdom Robbie
Once ran check your email for the forgotten password link.
Password reset email sent to admin@admin.lan
```

Info
---

```
Requires access to login.php and working email address and the site needs to be able to send emails
```

File Snapshot


 [4.0K]  /data/pocs/b351fa44951ee880c64adc53e1108c3021ada58f
├── [2.6K]  CVE-2019-15896.py
├── [ 34K]  LICENSE
├── [3.2K]  lifter.json
└── [ 771]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!