CVE-2015-6668 PoC: WordPress Job Manager Plugin Security Vulnerability

Source
Associated Vulnerability
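Title: WordPress Job Manager Plugin Security Vulnerability (CVE-2015-6668)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation; it supports setting up personal blog sites on servers running PHP and MySQL. Job Manager is a task manager plugin for it. A security vulnerability exists in versions of the WordPress Job Manager plugin before 0.7.25. A remote attacker can exploit it via a brute-force attack to read arbitrary CV files.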
Description
A small Rust CLI that reproduces the information-disclosure pattern associated with CVE-2015-6668 (Job Manager <= 0.7.25).
Readme
# CVE-2015-6668 - Job Manager IDOR

[![Rust](https://img.shields.io/badge/rust-%23000000.svg?style=for-the-badge&logo=rust&logoColor=white)](https://www.rust-lang.org/)
[![Security](https://img.shields.io/badge/Security-CVE--2015--6668-red?style=for-the-badge)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6668)

A small Rust CLI that reproduces the information-disclosure pattern associated with CVE-2015-6668 (Job Manager <= 0.7.25). The tool enumerates typical WordPress upload paths for given years, months and common file extensions to detect publicly accessible files that may indicate an insecure direct object reference (IDOR) / insecure file exposure.

## Vulnerability Overview

CVE-2015-6668 affects Job Manager (<= 0.7.25). The vulnerability allows an attacker to enumerate or access uploaded files (attachments) due to insufficient access controls on user-uploaded resources. In practice this can expose sensitive documents, images or scripts that were expected to be private.

### Technical Details

- Target: Job Manager installations using predictable upload directories (e.g. `/wp-content/uploads/<year>/<month>/filename.ext`).
- Attack pattern: brute-force / enumerate common year/month folders and filename variants to locate accessible files.
- Indicators: HTTP 200 responses for constructed URLs indicate a publicly reachable file.
- This tool performs simple GET requests and reports the first discovered public file (by default).

### Description

The vulnerability stems from weak access control on uploaded content. If an application stores files in predictable public locations without proper authorization checks, an attacker can enumerate likely file paths and retrieve files directly via HTTP. The exploit vector is essentially an informed crawler that constructs possible upload URLs (year/month/file.ext) and checks for a 200 OK response.
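Seen from the defender's side, the enumeration described above shows up in web server logs as one client requesting the same filename across many `<year>/<month>` upload folders. The following is an added example, not part of this project's code, that flags that pattern in combined-format access log lines; the sample log lines, the threshold and the function names are constructed for illustration.

```rust
use std::collections::{BTreeMap, HashSet};

// Constructed sample access log (combined format); addresses are documentation ranges.
const SAMPLE_LOG: &[&str] = &[
    r#"203.0.113.7 - - [12/Mar/2015:10:00:01 +0000] "GET /wp-content/uploads/2014/01/jane-doe-cv.pdf HTTP/1.1" 404 162 "-" "Mozilla/5.0""#,
    r#"203.0.113.7 - - [12/Mar/2015:10:00:01 +0000] "GET /wp-content/uploads/2014/01/jane-doe-cv.doc HTTP/1.1" 404 162 "-" "Mozilla/5.0""#,
    r#"203.0.113.7 - - [12/Mar/2015:10:00:02 +0000] "GET /wp-content/uploads/2014/02/jane-doe-cv.pdf HTTP/1.1" 404 162 "-" "Mozilla/5.0""#,
    r#"203.0.113.7 - - [12/Mar/2015:10:00:02 +0000] "GET /wp-content/uploads/2014/03/jane-doe-cv.pdf HTTP/1.1" 200 48213 "-" "Mozilla/5.0""#,
    r#"198.51.100.4 - - [12/Mar/2015:10:05:00 +0000] "GET /wp-content/uploads/2014/02/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0""#,
];

/// Parse one log line into (client, "yyyy/mm" folder, filename stem, status).
/// Returns None unless the path is /wp-content/uploads/<yyyy>/<mm>/<file>.
fn parse_upload_hit(line: &str) -> Option<(String, String, String, u16)> {
    let client = line.split_whitespace().next()?.to_string();
    let mut quoted = line.split('"');
    let request = quoted.nth(1)?; // e.g. GET /path HTTP/1.1
    let status: u16 = quoted.next()?.split_whitespace().next()?.parse().ok()?;
    let path = request.split_whitespace().nth(1)?.split('?').next()?;
    let parts: Vec<&str> = path.strip_prefix("/wp-content/uploads/")?.split('/').collect();
    let ok = parts.len() == 3 && parts[0].len() == 4 && parts[1].len() == 2
        && parts[..2].iter().all(|p| p.chars().all(|c| c.is_ascii_digit()));
    if !ok { return None; }
    // Drop the extension so cv.pdf / cv.doc / cv.docx count as one probed name.
    let stem = parts[2].rsplit_once('.').map_or(parts[2], |(s, _)| s);
    Some((client, format!("{}/{}", parts[0], parts[1]), stem.to_string(), status))
}

/// Flag (client, stem) pairs requested in at least `min_folders` distinct
/// year/month folders. Output: (client, stem, folders probed, 200 responses).
fn detect_enumeration(lines: &[&str], min_folders: usize) -> Vec<(String, String, usize, usize)> {
    let mut seen: BTreeMap<(String, String), (HashSet<String>, usize)> = BTreeMap::new();
    for line in lines {
        if let Some((client, folder, stem, status)) = parse_upload_hit(line) {
            let entry = seen.entry((client, stem)).or_default();
            entry.0.insert(folder);
            if status == 200 { entry.1 += 1; }
        }
    }
    seen.into_iter()
        .filter(|(_, (folders, _))| folders.len() >= min_folders)
        .map(|((client, stem), (folders, hits))| (client, stem, folders.len(), hits))
        .collect()
}

fn main() {
    for finding in detect_enumeration(SAMPLE_LOG, 3) { println!("{:?}", finding); }
}
```

A non-zero count in the last field means at least one probe returned a file, so those paths are the first candidates to move behind an authorization check.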

## Usage

Build and run the project with Cargo (Rust and Cargo are required):

```bash
cargo run -- -u http://target.com -f <file-name>
```

Required arguments:
- `-u`, `--url` : base URL of the target (e.g. `http://example.com`).
- `-f`, `--filename` : filename to search for (spaces will be replaced with `-`).

Optional:
- `--start-year` : start year for enumeration (default: 2014).
- `--end-year` : end year for enumeration (default: current year).

Notes:
- The tool stops and exits immediately when the first file is found and prints the URL.
- The request User-Agent is set to mimic a modern Chrome browser by default.

## Disclaimer

This tool is for educational and authorized penetration testing purposes only. Use responsibly and only on systems you own or have explicit permission to test.
File Snapshot

```
[4.0K]  /data/pocs/e31cb3ded29aea5890058814a15969c842705484
├── [ 47K]  Cargo.lock
├── [ 218]  Cargo.toml
├── [2.6K]  README.md
└── [4.0K]  src
    └── [2.7K]  main.rs

2 directories, 4 files
```