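Related vulnerability
Title: WordPress plugin InPost Gallery path traversal vulnerability (CVE-2022-4063)
Description: WordPress is a blogging platform written in PHP and is a product of the WordPress Foundation. A WordPress plugin is an add-on application for it. PHP is a scripting language executed on the server side. The WordPress plugin InPost Gallery before version 2.1.4.1 has a path traversal vulnerability that stems from the unsafe use of PHP's extract() function when rendering HTML views. An attacker can exploit this vulnerability to run code on the server.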
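The extract() problem named in the description, shown as a generic vulnerable view renderer beside a hardened one. This is an added example, not code from the plugin or from this repository; the function names, directory layout and sample request are constructed, and it assumes PHP 8 run from the CLI.

```php
<?php
// Added illustration with hypothetical names; not the plugin's code.

// Vulnerable: extract() shares scope with $file, so a caller-supplied
// key named "file" replaces the template path before include runs.
function render_view_unsafe(string $file, array $data): string {
    extract($data);                       // default flag: EXTR_OVERWRITE
    ob_start();
    include $file;
    return ob_get_clean();
}

// Hardened: the view is picked by name from one directory, the resolved
// path is checked, and caller data stays inside a single array.
function render_view_safe(string $baseDir, string $name, array $vars): string {
    $base = realpath($baseDir);
    $path = preg_match('/^[A-Za-z0-9_-]+$/', $name)
        ? realpath($base . DIRECTORY_SEPARATOR . $name . '.php') : false;
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException('unknown view');
    }
    $render = static function (string $__path, array $vars): string {
        ob_start();
        include $__path;                  // template reads $vars['title']
        return ob_get_clean();
    };
    return $render($path, $vars);
}

// Constructed lab input: one template and one file outside the views dir.
$root = sys_get_temp_dir() . '/extract_demo_' . bin2hex(random_bytes(4));
mkdir("$root/views", 0700, true);
file_put_contents("$root/views/gallery.php",
    '<h1><?= htmlspecialchars($vars["title"] ?? $title ?? "") ?></h1>' . "\n");
file_put_contents("$root/outside.txt", "contents of a file outside views/\n");
$request = ['title' => 'Demo', 'file' => "$root/outside.txt"];

echo 'unsafe: ', render_view_unsafe("$root/views/gallery.php", $request);
echo 'safe:   ', render_view_safe("$root/views", 'gallery', $request);
try {
    render_view_safe("$root/views", '../outside', $request);
} catch (RuntimeException $e) {
    echo 'safe:   rejected "../outside" (', $e->getMessage(), ")\n";
}
```

When auditing other plugins for the same class of bug, look for extract() called on request-derived arrays in the same scope as a variable that later reaches include or require.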
Description
Automatic Mass Tool for checking vulnerability in CVE-2022-4063 - InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
Introduction
# INPGer | CVE-2022-4063 - InPost Gallery
Automatic mass tool for checking for the vulnerability CVE-2022-4063 - InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE<br>It uses GNU Parallel, which must be installed to run this tool.<br>
- <b>If you get an error like "$'\r': command not found", run "dos2unix inpger.sh"</b>
# Install Parallel
- Linux : <code>apt-get install parallel -y</code><br>
- Windows : Install WSL (Windows Subsystem for Linux), then install parallel the same way as on Linux.<br>If you want to use Windows without WSL, install <a href="https://git-scm.com/download/win">GitBash</a>, then run these commands to install parallel: <br>
[#] <code>curl pi.dk/3/ > install.sh </code><br>[#] <code>sha1sum install.sh | grep 12345678 </code><br>[#] <code>md5sum install.sh </code><br>[#] <code>sha512sum install.sh </code><br>[#] <code>bash install.sh</code><br>
# How To Use
- [#] <code>bash inpger.sh yourlist.txt thread</code>
# Reference
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4063
- https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
- https://github.com/advisories/GHSA-5rmh-7p7v-fmfc
File snapshot
[4.0K] /data/pocs/fd488286093769a5ff5ae64e91b0c6ea0262a079
├── [1.8K] inpger.sh
├── [ 46] notvuln.txt
├── [1.1K] README.md
├── [3.9K] single-exploiter-beta.py
├── [1.4K] single-exploiter-beta.sh
├── [4.9K] single-exploiter.py
└── [ 24] vuln.txt
0 directories, 7 files