This is a docker environment ready set up for multiple WooCommerce Plugin vulnerabilities. @vinulium and me created it to practice writing exploits from vulnerability descriptions.
The environment contains the following vulnerabilites that can be exploited:
- PHP Object Injection Vulnerability in Booster for WooCommerce <= 3.0.1
- LFI in WOOF – Products Filter for WooCommerce <= 1.1.9
- XSS Woocomerce Currency Switcher <= 1.1.5.1
- WooCommerce Checkout Manager Arbitrary File Upload
- LFI vulnerability in MailChimp for WooCommerce <= 2.1.1
- YITH WooCommerce Compare <= 2.0.9 - Unauthenticated PHP Object injection
- CVE-2018-20966: XSS in Booster for WooCommerce < 3.8.0
The wordpress installation is ready to be exploited, some of the plugins need further setup as stated below. Each plugin needs to be activated for exploitation. It is better to stick to only one activated plugin as otherwise there can be some compatibility issues.
We did writeups for all of the vulnerabilites in this blogpost.
docker-compose build && docker-compose up
Instance should be here http://localhost/
admin:admin
- Add at least one product here:
http://localhost/wp-admin/post-new.php?post_type=product&tutorial=true - Go to
http://localhost/wp-admin/admin.php?page=wc-settings&tab=jetpack, enable "Products per Page" and save changes
- Go to
http://localhost/wp-admin/admin.php?page=wc-settings&tab=jetpack, enable "Email Verification" and save changes - Now this plugin is ready for exploitation
- Go to http://localhost/wp-admin/admin.php?page=woocommerce-checkout-manager and activate "Allow Customers to Upload Files" and "Categorize Uploaded Files"
- Run the WooCommerce Setup http://localhost/wp-admin/admin.php?page=wc-setup , select only digital goods and activate "Cash on delivery". Skip plugins and recommendations in between.
- Set up a product with price
http://localhost/wp-admin/post-new.php?post_type=product - Order the product
- Now this plugin is ready for exploitation