- I'm doing a CTF and enumerated the target & found 2 user passwords for the wp-admin via xml-rpc.
- 2 SSH cert. file auth only, trying to find the vulnerability that leverages RCE (reverse shell), maybe someone here has any solutions? I mention that one of the 2 users has some administrative priv. (like accepting/denying posts).
- found db info (db_name, DB-user, DB-pass) but it listens on local so can't get access
- pastebin wp-scan link here
- info links:
https://www.tenable.com/plugins/was/113193
https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-11358&scoretype=cvssv3
Any help is much appreciated!!
from hacking: security in practice https://ift.tt/8iDBO6t