mirror of
https://github.com/0xMarcio/cve.git
synced 2026-06-04 22:18:13 +02:00
0xMarcio
2.0 KiB
2.0 KiB
CVE-2019-8943
Description
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
POC
Reference
- http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html
- http://packetstormsecurity.com/files/152396/WordPress-5.0.0-crop-image-Shell-Upload.html
- http://packetstormsecurity.com/files/161213/WordPress-5.0.0-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/161213/WordPress-5.0.0-Remote-Code-Execution.html
- https://www.exploit-db.com/exploits/46511/
- https://www.exploit-db.com/exploits/46511/
- https://www.exploit-db.com/exploits/46662/
- https://www.exploit-db.com/exploits/46662/
Github
- https://github.com/0xMafty/Blog
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Afetter618/WordPress-PenTest
- https://github.com/Cl0wnK1n9/WhiteHat
- https://github.com/El-Palomo/DerpNStink
- https://github.com/SexyBeast233/SecBooks
- https://github.com/brianwrf/WordPress_4.9.8_RCE_POC
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/dkohli23/WordPressLab7and8
- https://github.com/hadrian3689/wordpress_cropimage
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/nenandjabhata/CTFs-Journey
- https://github.com/ret2x-tools/poc-wordpress-5.0.0
- https://github.com/s4rgaz/poc-wordpress-5.0.0
- https://github.com/scannells/exploits
- https://github.com/synod2/WP_CROP_RCE
- https://github.com/v0lck3r/CVE-2019-8943
- https://github.com/yaguine/blog