Information System's Security 2nd Assignment
Study and exploit the vulnerability CVE-2022-21661 that allows SQL Injections through plugins POST requests to WordPress versions below 5.8.3.
## Configuring the environment
To start and configure the environment, you should just run:
docker-compose run --rm wordpress-cli
- Python 3.9+
## Running some examples
In example.md file, you can follow a little tutorial with some examples to get started with the exploit of this vulnerability.
## The exploit itself
First of all, ensure the file we're going to execute has execution permission.
So run the following command.
chmod +x exploit.py
Then, to run the exploit, you should run the following command replacing the \<payload\> with:
1. Dump database name.
2. Dump users table.
./exploit.py http://127.0.0.1:8000/wp-admin/admin-ajax.php [payload] [-l LIMIT_USER] [-o output]
## Going further
For going a little bit further, We prepared a script that runs our exploit and uses the data from the user's table, and, then, tries to recover the original passwords forcing a dictionary attack through hashcat.
For this attack, we are using the dictionary [rockyou.txt](https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt).
To execute it, just make sure it has execution permissions and runs it.
chmod +x experiment.sh
It can take a while...
In the end, you're able to see the file results/users.txt with the users and raw passwords.
- Leonardo Monteiro
- Wellington Machado de Espindula
- Bassam Graini
### Exploit References