# WordPress 5.8.2 CVE-2022-21661 Vuln environment

This environment is set up with the Elementor Custom Skin plugin
to test CVE-2022-21661.

To start the environment:

wp-lab$ ./                                   
To get the admin password, read the logs of the running container; a new password is
generated every time the container is booted.

wp-lab$ docker logs test
[*] user admin pwd: inpJbxn+mhWWNSgEAlsU2A== localip:

To run the exploit, replace \<payload-id\> with:
1. dump the database name
2. dump the users table

python3 http://<target-ip>/wp-admin/admin-ajax.php <payload-id>