Skip to content

Study and exploit the vulnerability CVE-2022-21661 that allows SQL Injections through plugins POST requests to WordPress versions below 5.8.3.

License

Notifications You must be signed in to change notification settings

michaelpierre/SSI-CVE-2022-21661

 
 

Repository files navigation

SSI-CVE-2022-21661

Information System's Security 2nd Assignment

Study and exploit the vulnerability CVE-2022-21661 that allows SQL Injections through plugins POST requests to WordPress versions below 5.8.3.

Configuring the environment

To start and configure the environment, you should just run:

docker-compose run --rm wordpress-cli

Requirements

  • Docker
  • Docker-Compose
  • Python 3.9+
  • Argparser
  • Hashcat

Running some examples

In example.md file, you can follow a little tutorial with some examples to get started with the exploit of this vulnerability.

The exploit itself

First of all, ensure the file we're going to execute has execution permission. So run the following command.

chmod +x exploit.py

Then, to run the exploit, you should run the following command replacing the <payload> with:

  1. Dump database name.
  2. Dump users table.
./exploit.py http://127.0.0.1:8000/wp-admin/admin-ajax.php [payload] [-l LIMIT_USER] [-o output]

Going further

For going a little bit further, We prepared a script that runs our exploit and uses the data from the user's table, and, then, tries to recover the original passwords forcing a dictionary attack through hashcat.

For this attack, we are using the dictionary rockyou.txt.

To execute it, just make sure it has execution permissions and runs it.

chmod +x experiment.sh
./experiment.sh

It can take a while... In the end, you're able to see the file results/users.txt with the users and raw passwords.

Report

You can find a complete report, in French, of this assignment in the file Devoir_Securit__2.pdf.

Authors

  • Leonardo Monteiro
  • Wellington Machado de Espindula
  • Bassam Graini

Exploit References

About

Study and exploit the vulnerability CVE-2022-21661 that allows SQL Injections through plugins POST requests to WordPress versions below 5.8.3.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 89.3%
  • Shell 10.7%