Exploit for Improper Restriction of XML External Entity Reference in Wordpress CVE-2021-29447

## https://sploitus.com/exploit?id=12762D18-7959-524B-8B39-25A860A035DE
# POC CVE-2021029447 - XXE in WordPress
# WordPress 5.6-5.7 - Authenticated (Author+) XXE (CVE-2021-29447)

- https://vulners.com/cve/CVE-2021-29447


## Using

### Step1. Run WordPress

```
$ make up-wp
```

### Step2. Run Attacker web server

```
$ make up-mal
```

### Step3. Generate malicious WAV file

#### With wavefile npm

```
$ make make-wav
```

### Step4. Login to WordPress & Upload WAV file to New Media

```
open http://localhost:8000/
open http://localhost:8000/wp-admin/
```

vedi in console il file trafugato e puo' essere decodificato

# Risorse online


info sui comandi possibili nel file attaccante dtd https://www.php.net/manual/en/wrappers.php.php



### Spiegazione codice vulnerabile

https://github.com/Abdulazizalsewedy/CVE-2021-29447


### Walktroght 
- https://www.youtube.com/watch?v=tE8Smz1Jvb8
- https://github.com/Slowdeb/Tryhackme/blob/dfbdebe880ddcb5fbfc1f8608812a0e79fd7cf24/Wordpress-CVE-202129447.md?plain=1#L69
    Create a php reverse shell with "msfvenom" or use the awesome php reverse shell from [Pentestmonkey](https://github.com/pentestmonkey/php-reverse-shell). 

### Altre risorse
- https://www.trendmicro.com/it_it/research/19/d/zero-day-xml-external-entity-xxe-injection-vulnerability-in-internet-explorer-can-let-attackers-steal-files-system-info.html