Purpose: Educational lab documenting the discovery, exploitation path (conceptual), and remediation of a vulnerable WordPress plugin (wpDiscuz v7.0.4) in an isolated/lab environment.
Disclaimer: This repository is for educational and defensive purposes only. Do not use this material on systems you do not own or have permission to test.
- `lab-report.md` — step-by-step sanitized report and findings.
- `notes/` — deeper notes (recon, exploitation concepts, privilege escalation, mitigations).
- `scripts/plugin_detector.py` — safe script that checks for plugin version strings (non-exploitative).
- `screenshots/` — sanitized screenshots as evidence.
- Target: WordPress instance with vulnerable plugin `wpDiscuz` (lab scenario).
- Initial discovery: plugin version fingerprinted via aggressive plugin detection.
- Exploitation path (conceptual): unauthenticated file upload → webshell upload → reverse shell → user context enumeration → exploitation of `nokogiri` (privilege escalation) → retrieval of sensitive files and keys.
- Final result in lab: local root obtained (documented as learning outcome; sensitive artifacts redacted).
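The version-string check that `scripts/plugin_detector.py` performs can also be run offline by the site administrator against their own `wp-content/plugins/` tree. The script below is an added example, not the repository's own detector: it parses the plugin header block that WordPress itself reads (`Plugin Name:` / `Version:`) and flags wpDiscuz installs at or below 7.0.4; the sample plugin files are constructed, and the `plugin_detector.py` internals are assumed to differ.

```python
"""Offline audit of WordPress plugin versions (added example, not the repo's
scripts/plugin_detector.py). Parses the plugin header WordPress itself reads
and flags wpDiscuz at or below the 7.0.4 release covered by this lab."""
import re
from pathlib import Path

WPDISCUZ_LAST_AFFECTED = "7.0.4"  # releases <= this are treated as affected
# Header lines look like " * Version: 7.0.4" or "Version: 7.0.4".
HEADER_RE = re.compile(r"^\s*\*?\s*(Plugin Name|Version):\s*(.+?)\s*$", re.M)

def parse_plugin_header(text: str) -> dict:
    """Return the first 'Plugin Name' and 'Version' values in a PHP file."""
    header = {}
    for key, value in HEADER_RE.findall(text):
        header.setdefault(key, value)  # WordPress keeps the first occurrence
    return header

def version_tuple(version: str) -> tuple:
    """'7.0.4' -> (7, 0, 4); a suffix such as '-beta' is ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", version.split("-")[0]))

def is_affected(name: str, version: str) -> bool:
    """True only for wpDiscuz at a version <= WPDISCUZ_LAST_AFFECTED."""
    if name.strip().lower() != "wpdiscuz":
        return False
    return version_tuple(version) <= version_tuple(WPDISCUZ_LAST_AFFECTED)

def audit_sources(sources: dict) -> list:
    """sources maps path -> file text; returns (path, name, version, affected)."""
    rows = []
    for path, text in sources.items():
        hdr = parse_plugin_header(text)
        if "Plugin Name" in hdr and "Version" in hdr:  # skip non-plugin files
            rows.append((path, hdr["Plugin Name"], hdr["Version"],
                         is_affected(hdr["Plugin Name"], hdr["Version"])))
    return rows

def audit_plugins_dir(plugins_dir) -> list:
    """Audit a real wp-content/plugins/ tree; WordPress scans plugins/*/*.php."""
    files = Path(plugins_dir).glob("*/*.php")
    return audit_sources({str(f): f.read_text(errors="replace") for f in files})

# Constructed sample data: one affected plugin, one unaffected, one helper file.
SAMPLE_PLUGINS = {
    "wpdiscuz/wpdiscuz.php": "<?php\n/*\n * Plugin Name: wpDiscuz\n * Version: 7.0.4\n */\n",
    "example/example.php": "<?php\n/*\nPlugin Name: Example Plugin\nVersion: 1.2.0\n*/\n",
    "wpdiscuz/utils/helper.php": "<?php\n// no header, ignored\n",
}
```

Run `audit_plugins_dir("/path/to/wp-content/plugins")` on a real install; any row with `True` in the last column is an install that should be updated before the lab's upload-to-webshell path is even reachable.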
- Use the provided `environment/docker-compose.example.yml` to create an isolated VM/container lab.
- Do not run exploit code on public networks.
- Follow the `notes/` directory for conceptual steps and mitigations.
- Send PRs for improved documentation, sanitized evidence, or defensive scripts.
- Do not add exploit payloads, private keys, or real credentials.
MIT — for educational use only.