Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding Exploit for Wordpress plugin - WPvivid Backup - CVE-2022-2863 #5731

Merged
merged 4 commits into from
Oct 28, 2022
Merged

Adding Exploit for Wordpress plugin - WPvivid Backup - CVE-2022-2863 #5731

merged 4 commits into from
Oct 28, 2022

Conversation

tehtbl
Copy link
Contributor

@tehtbl tehtbl commented Oct 19, 2022

Template / PR Information

  • Adding Exploit for Wordpress plugin - WPvivid Backup - CVE-2022-2863
  • References:

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

@DhiyaneshGeek DhiyaneshGeek self-assigned this Oct 22, 2022
@DhiyaneshGeek
Copy link
Member

DhiyaneshGeek commented Oct 22, 2022
edited

@tehtbl Hey, Thanks for sharing the template with the community :)

i tried to replicate this issue on the vulnerable plugin 0.9.75 and 0.9.74 version.

Could not replicate it , could tell me is there any setting need to be changed ?

@tehtbl
Copy link
Contributor Author

tehtbl commented Oct 23, 2022

Hi @DhiyaneshGeek, thanks for having a look at it.

I was working with the 0.9.75 version of the plugin. I've didn't changed any setting at all. Maybe you could try making a backup through WPvivid first before using the exploit. That was the only thing I've did.

cheers,
Thomas

Please find attached my test setup, configurations and debug output from nuclei itself.

127_0_0_1:31337_wpvivid_backup_lfi.txt
config.yaml.txt
docker-compose.yml.txt
Dockerfile.txt
uploads.ini.txt

@tehtbl
Copy link
Contributor Author

tehtbl commented Oct 27, 2022

@DhiyaneshGeek did you made any progress so far? Is there anything I could do to help making progress?

@DhiyaneshGeek
Copy link
Member

@tehtbl Thanks a lot, i have validated it :)

@princechaddha princechaddha added the good first issue Good for newcomers label Oct 28, 2022
@princechaddha princechaddha merged commit 52d6898 into projectdiscovery:master Oct 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@princechaddha princechaddha princechaddha approved these changes

Assignees

@DhiyaneshGeek DhiyaneshGeek

Labels
Done Ready to merge good first issue Good for newcomers Hacktoberfest
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@tehtbl @DhiyaneshGeek @princechaddha