Wordpress wp_popular_posts rce (CVE-2021-42362) #15948
### SRVHOSTNAME | ||
|
||
FQDN of the metasploit server. Must not resolve to a reserved address (192/10/127/172). | ||
[Ref](https://github.com/WordPress/wordpress-develop/blob/5.8/src/wp-includes/http.php#L560) |
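Review bot: "(192/10/127/172)" in the SRVHOSTNAME description is ambiguous as written: it reads as four bare first octets rather than address ranges, and it does not say whether IPv6 is covered. Suggest writing out the ranges that the linked check rejects and stating whether a hostname with an IPv6 record is acceptable, so a reader can set this option without opening the Ref.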
As a note for future travelers, I'd be curious about how this treats IPv6.
You know.... given this is unpleasant to set up, but relatively easy to see, any chance we could trouble you for a pcap?
sent
@bwatters-r7 let me know if the file was acceptable. I put IP and MAC sanitization in place, and if it is good I'll add a doc to the wiki and update the PR template with instructions.
@h00die Yup; got it. Thanks!
ready to roll!
Release Notes: This PR adds a new exploit for wp_popular_posts <=5.3.2.

This PR adds a new exploit for `wp_popular_posts` <=5.3.2.

You've been warned, this is a pain to test.
You'll need to install the plugin and add the widget to the homepage. Then register an FQDN that resolves to a non-local IP address (dyndns or other solution is best). Then punch a hole in your firewall for port 80/443/8080 (whatever you want to use).
Verification
List the steps needed to make sure this thing works
use exploits/multi/http/wp_popular_posts_rce
set rhosts
set username
set password
set SRVHOSTNAME
set SRVPORT
run
While I was in there, I updated the WordPress wordlists as well.