CVE-2019-8943 PoC — WordPress 路径遍历漏洞

Source

https://github.com/hadrian3689/wordpress_cropimage

Associated Vulnerability

Title:WordPress 路径遍历漏洞 (CVE-2019-8943)
Description:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 5.0.3及之前版本中的‘wp_crop_image()’函数存在路径遍历漏洞。远程攻击者可借助带有图像扩展名和‘../’序列的文件名利用该漏洞向任意目录写入图像。

Description

CVE-2019-8943 WordPress Crop-Image

Readme

# WordPress Crop-Image CVE-2019-8943

A python3 script for WordPress Crop-Image CVE-2019-8943 Authenticated Remote Code Execution (RCE). It drops a malicious PHP backdoor.

## Getting Started

### Executing program

* RCE
```
python3 wp_rce.py -t http://wordpress.rce/ -u admin -p password -m twentytwenty
```

## Help

For help menu:
```
python3 wp_rce.py -h
```

## Disclaimer
All the code provided on this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository is solely your responsibility. The misuse of the code in this repository can result in criminal charges brought against the persons in question. Author will not be held responsible in the event any criminal charges be brought against any individuals misusing the code in this repository to break the law.

File Snapshot


 [4.0K]  /data/pocs/c00b17a71c38d5a4ba4d5d22f45cbcf6f24e7365
├── [ 854]  README.md
├── [3.0K]  rse.jpg
└── [7.4K]  wp_rce.py

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!