CVE-2018-19487 PoC — WordPress WP-jobhunt插件信息泄露漏洞

Source

https://github.com/YOLOP0wn/wp-jobhunt-exploit

Associated Vulnerability

Title:WordPress WP-jobhunt插件信息泄露漏洞 (CVE-2018-19487)
Description:The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users.

Description

CVE-2018-19487, CVE-2018-19488, exploit for WordPress wp-jobhunt plugin

Readme

# wp-jobhunt-exploit
CVE-2018-19487, CVE-2018-19488, exploit for WordPress wp-jobhunt plugin

wp-jobhunt plugin is a plugin used with JobCareer theme:

https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636 (see changelog at the bottom)


Python exploit for **CVE-2018-19487** (AJAX user information disclosure) and **CVE-2018-19488** (AJAX user reset password) for version 2.2 and before.


**REQUIREMENTS:**
- requests
- urllib
- json


**HOW TO USE:**

Check if vulnerable to user enumeration:

```python poc.py --checkenum https://wpsite/path/to/wp-admin/admin-ajax.php```


Check if vulnerable to user reset pass:

```python poc.py --checkreset https://wpsite/path/to/wp-admin/admin-ajax.php```


Exploit user enumeration:

```python poc.py --enum https://wpsite/path/to/wp-admin/admin-ajax.php```


Exploit user reset password:

```python poc.py --reset https://wpsite/path/to/wp-admin/admin-ajax.php```

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!