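Related vulnerability
Title: WordPress Job Manager plugin security vulnerability (CVE-2015-6668)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation; it supports setting up personal blog sites on servers running PHP and MySQL. Job Manager is a job management plugin for it. A security vulnerability exists in versions of the WordPress Job Manager plugin before 0.7.25. A remote attacker can exploit it through a brute-force attack to read arbitrary CV files.
Description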
Evangelos Mourikis POC for CVE-2015-6668 converted for Python 3
Introduction
# CVE-2015-6668
Evangelos Mourikis POC for CVE-2015-6668 converted for Python 3
Exploits an IDOR vulnerability in the `Job Manager` plugin for WordPress.
Tested on `Python 3.11.9`
## References
- [NIST CVE](https://nvd.nist.gov/vuln/detail/CVE-2015-6668)
- [WPScan Vuln DB](https://wpscan.com/vulnerability/9fd14f37-8c45-46f9-bcb6-8613d754dd1c/)
## Setup and Usage
Clone the repo, set up a virtual environment (if desired), install `requests`, and run the script with Python 3.
### Clone
```bash
git clone https://github.com/jimdiroffii/CVE-2015-6668.git
cd CVE-2015-6668
```
### Python Virtual Environment (optional)
```bash
python3 -m venv .venv
```
- Bash
```bash
source .venv/bin/activate
```
- PowerShell
```powershell
.\.venv\Scripts\activate
```
### Install `requests`
```bash
python3 -m pip install requests
```
### Run `exploit.py`
```bash
python3 ./exploit.py
```
## Output
```bash
$ python3 ./exploit.py
CVE-2015-6668
Title: CV filename disclosure on Job-Manager WP Plugin
Author: Evangelos Mourikis
Blog: https://vagmour.eu
Plugin URL: http://www.wp-jobmanager.com
Versions: <=0.7.25
Enter a vulnerable website: http://10.10.10.10
Enter a file name: HackerAccessGranted
[+] URL of CV found! http://10.10.10.10/wp-content/uploads/2017/04/HackerAccessGranted.jpg
```
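A log check a site owner could run to spot the brute-force file name guessing that the vulnerability description refers to. This is an added example, not code from the original repository; it assumes a combined-format access log and that the guessing appears as one file name requested under many `/wp-content/uploads/<year>/<month>/` paths. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches requests for /wp-content/uploads/<year>/<month>/<name>.<ext> in a
# combined-format access log line (the log format is an assumption).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) '
    r'(?P<path>/wp-content/uploads/\d{4}/\d{2}/(?P<stem>[^/\s?]+)\.\w+)'
    r'(?:\?\S*)? HTTP/[\d.]+" (?P<status>\d{3}) '
)

def find_upload_enumeration(lines, min_paths=5):
    """Flag clients that request one file name under many upload paths."""
    seen = defaultdict(dict)  # (ip, file name stem) -> {path: last status}
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            seen[(m["ip"], m["stem"].lower())][m["path"]] = int(m["status"])
    findings = []
    for (ip, stem), paths in seen.items():
        misses = sum(1 for status in paths.values() if status == 404)
        # Many distinct paths for one name, mostly 404s, is guessing, not browsing.
        if len(paths) >= min_paths and misses * 2 >= len(paths):
            findings.append({
                "ip": ip, "stem": stem,
                "paths_tried": len(paths), "misses": misses,
                # Paths answered with 200: files the client actually reached.
                "exposed": sorted(p for p, s in paths.items() if s == 200),
            })
    return findings

def constructed_sample():
    """Constructed log lines for illustration; not taken from a real server."""
    stamp = "[12/Apr/2017:10:00:00 +0000]"
    lines = [f'198.51.100.9 - - {stamp} "GET /wp-content/uploads/2017/04/'
             f'logo.png HTTP/1.1" 200 2048']  # ordinary single request
    for month in ("01", "02", "03", "04"):
        for ext in ("pdf", "doc", "jpg"):
            status = 200 if (month, ext) == ("04", "jpg") else 404
            lines.append(f'203.0.113.7 - - {stamp} "GET /wp-content/uploads/2017/'
                         f'{month}/HackerAccessGranted.{ext} HTTP/1.1" {status} 512')
    return lines

if __name__ == "__main__":
    for finding in find_upload_enumeration(constructed_sample()):
        print(finding)
```

Any path listed under `exposed` is an uploaded file that was served to the guessing client and should be treated as disclosed.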
File snapshot
[4.0K] /data/pocs/c5efc0926be50610c14be651275e92510bb054de
├── [ 672] exploit.py
├── [1.0K] LICENSE
└── [1.3K] README.md
0 directories, 3 files