# SSI-CVE-2022-21661

Information System's Security 2nd Assignment

Study and exploit the vulnerability CVE-2022-21661 that allows SQL Injections through plugins POST requests to WordPress versions below 5.8.3.

## Configuring the environment

To start and configure the environment, you should just run:

docker-compose run --rm wordpress-cli

### Requirements

- Docker
- Docker-Compose
- Python 3.9+
- Argparser
- Hashcat

## Running some examples

In file, you can follow a little tutorial with some examples to get started with the exploit of this vulnerability.

## The exploit itself

First of all, ensure the file we're going to execute has execution permission.
So run the following command.

chmod +x

Then, to run the exploit, you should run the following command replacing the \<payload\> with:

1. Dump database name.
2. Dump users table.

./ [payload] [-l LIMIT_USER] [-o output]

## Going further

For going a little bit further, We prepared a script that runs our exploit and uses the data from the user's table, and, then, tries to recover the original passwords forcing a dictionary attack through hashcat.

For this attack, we are using the dictionary [rockyou.txt](

To execute it, just make sure it has execution permissions and runs it.

chmod +x

It can take a while...
In the end, you're able to see the file results/users.txt with the users and raw passwords.

### Report

You can find a complete report, in French, of this assignment in the file [Devoir_Securit__2.pdf](

### Authors

- Leonardo Monteiro
- Wellington Machado de Espindula
- Bassam Graini

### Exploit References

- <>