Wordpress wp_popular_posts rce (CVE-2021-42362) #15948
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bwatters-r7
reviewed
Dec 9, 2021
| ### SRVHOSTNAME | ||
|
|
||
| FQDN of the metasploit server. Must not resolve to a reserved address (192/10/127/172). | ||
| [Ref](https://github.com/WordPress/wordpress-develop/blob/5.8/src/wp-includes/http.php#L560) |
There was a problem hiding this comment.
As a note for future travelers, I'd be curious about how this treats IPv6.
|
You know.... given this is unpleasant to set up, but relatively easy to see, any chance we could trouble you for a pcap? |
|
sent |
|
@bwatters-r7 let me know if the file was acceptable. I put IP and MAC sanitization in place, and if it is good I'll add a doc to the wiki and update the PR template with instructions. |
|
@h00die Yup; got it. Thanks! |
|
ready to roll! |
Release NotesThis PR adds a new exploit for wp_popular_posts <=5.3.2. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a new exploit for
wp_popular_posts<=5.3.2.You've been warned, this is a pain to test.
You'll need to install the plugin, add the widget to the homepage. Then register a FQDN that resolves to a non-local IP address (dyndns or other solution is best). Then punch a hole in your firewall for port 80/443/8080 (whatever you want to use).
Verification
List the steps needed to make sure this thing works
use exploits/multi/http/wp_popular_posts_rceset rhostsset usernameset passwordset SRVHOSTNAMEset SRVPORTrunWhile i was in there, i updated the wordpress wordlists as well.