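Related vulnerability
Title: WordPress security vulnerability (CVE-2021-21389)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPress BuddyPress 7.2.1; it arises because a non-privileged, regular user can obtain administrator rights by exploiting an issue in the REST API members endpoint.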
Description
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.
Introduction
# CVE-2021-21389
BuddyPress < 7.2.1 - REST API Privilege Escalation to RCE
PoC (Full)
Affected version: 5.0.0 to 7.2.0
User requirement: Subscriber user
Method: Privilege Escalation to Administrator and trigger RCE via REST API
Endpoint: `/v1/members/me`
# How to use Docker
```
# Build the image locally and start the container
git clone https://github.com/HoangKien1020/CVE-2021-21389
cd CVE-2021-21389/
docker build . -t hoangkien1020/buddypress:cve202121389
docker run -d --rm -it -p 8080:80 hoangkien1020/buddypress:cve202121389

# Alternatively, pull the image instead of building it
docker pull hoangkien1020/buddypress:cve202121389
docker run -d --rm -it -p 8080:80 hoangkien1020/buddypress:cve202121389

# Then access your host/IP
# Ex: http://test.local:8080
```
# How to exploit
```
python3 CVE-2021-21389.py http://test.local:8080 test 1234 whoami
```
# Reference
https://buddypress.org/2021/03/buddypress-7-2-1-security-release/
File snapshot
```
[4.0K] /data/pocs/cbec90b264721d5f0a666abcb71137b6a4082265
├── [4.7K] CVE-2021-21389.py
├── [1.3K] Dockerfile
├── [1.0K] README.md
└── [4.0K] src
    ├── [7.1K] apache2.conf
    ├── [  94] start.sh
    ├── [719K] wordpress.sql
    └── [3.3K] wp-config.php

1 directory, 7 files
```