CVE-2016-10956 PoC — WordPress mail-masta插件输入验证错误漏洞

Source

https://github.com/Hackhoven/wp-mail-masta-exploit

Associated Vulnerability

Title:WordPress mail-masta插件输入验证错误漏洞 (CVE-2016-10956)
Description:The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.

Description

Exploit script for WordPress Plugin Mail Masta 1.0 - CVE-2016-10956

Readme

# WordPress Plugin Mail Masta 1.0 - CVE-2016-10956 Exploit

This script exploits the CVE-2016-10956 vulnerability in WordPress Plugin Mail Masta 1.0 to extract credentials from `wp-config.php`.

## How to Use

1. Clone the repository:

    ```bash
    git clone https://github.com/Hakchoven/wp-mail-masta-exploit.git
    ```

2. Navigate to the directory:

    ```bash
    cd wp-mail-masta-exploit/
    ```

3. Run the script with the target URL as an argument:

    ```bash
    python3 mail-masta.py http://example.com/wordpress
    ```

Replace `http://example.com/wordpress` with the target WordPress site URL.

## Proof of Concept (PoC)

[- ![Watch the video](mail_masta_poc.mp4)](https://github.com/Hackhoven/wp-mail-masta-exploit/assets/142750639/1c4b2eef-cae7-496d-ad7b-9bd11102677e
)


## Disclaimer
This script is intended for educational purposes only. The author does not condone or support the use of this script for illegal or unethical activities. This script should only be used in legal security research or CTF environments. Use at your own risk.



---

Made by [Hackhoven](https://github.com/Hakchoven)

File Snapshot


 [4.0K]  /data/pocs/7b64369ec6abfdf31fb9577549ba819100e5cc32
├── [2.8K]  mail-masta-exploit.py
└── [1.1K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!