wp-jobhunt-exploit

CVE-2018-19487, CVE-2018-19488, exploit for WordPress wp-jobhunt plugin

wp-jobhunt plugin is a plugin used with JobCareer theme:

https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636 (see changelog at the bottom)

Python exploit for CVE-2018-19487 (AJAX user information disclosure) and CVE-2018-19488 (AJAX user reset password) for version 2.2 and before.

REQUIREMENTS:

requests
urllib
json

HOW TO USE:

Check if vulnerable to user enumeration:

python poc.py --checkenum https://wpsite/path/to/wp-admin/admin-ajax.php

Check if vulnerable to user reset pass:

python poc.py --checkreset https://wpsite/path/to/wp-admin/admin-ajax.php

Exploit user enumeration:

python poc.py --enum https://wpsite/path/to/wp-admin/admin-ajax.php

Exploit user reset password:

python poc.py --reset https://wpsite/path/to/wp-admin/admin-ajax.php

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
README.md		README.md
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

wp-jobhunt-exploit

About

Releases

Packages

Languages

YOLOP0wn/wp-jobhunt-exploit

Folders and files

Latest commit

History

Repository files navigation

wp-jobhunt-exploit

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages