CVE-2019-8943 PoC — WordPress 路径遍历漏洞

Source

https://github.com/oussama-rahali/CVE-2019-8943

Associated Vulnerability

Title:WordPress 路径遍历漏洞 (CVE-2019-8943)
Description:WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.

Description

Exploit of CVE-2019-8942 and CVE-2019-8943

Readme

# CVE-2019-8943

WordPress 5.0.0 - Image Remote Code Execution

Exploit of CVE-2019-8942 and CVE-2019-8943 using python : ExploitDB : https://www.exploit-db.com/exploits/49512

The original exploit for metasploit : WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit) : https://www.exploit-db.com/exploits/46662

## video :

[![Watch the video](https://raw.githubusercontent.com/v0lck3r/CVE-2019-8943/main/poc.png)](https://player.vimeo.com/video/507536840)
## Description:


The video below demonstrates how an attacker could potentially compromise a wordpress website and achieve RCE (remote code execution) by exploiting the vulnerabilities linked above (CVE-2019-8942 and CVE-2019-8943).

Note: I made this exploit while I was working on tryhackme blog room : https://tryhackme.com/room/blog without using metasploit .

By : Oussama RAHALI

File Snapshot


 [4.0K]  /data/pocs/b6857cdb3aabe62ad8784c5e45c89e3f122e68a8
├── [220K]  poc.png
├── [5.4K]  RCE_wordpress.py
└── [ 852]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!