
LinuxSec Exploit


WordPress 4.7.0/4.7.1 Content Injection Exploit

February 3, 2017 by Jack Wilder

This vulnerability affects the WordPress REST API, which is enabled by default since WordPress 4.7.0. One of its endpoints allows content in WordPress to be updated, deleted, edited and added. Unfortunately this feature has a flaw: a site visitor who is not an administrator can also update website content through that API.

For further details, see
https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
Exploit:
WordPress 4.7.0/4.7.1 – Unauthenticated Content Injection (Ruby)
Edit the Title and Post sections as needed.
If you get an error when running ruby, install rest-client first:
sudo gem install rest-client
Then run the exploit again.
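From the defender's side, the content changes described above arrive as write-method requests to the posts route of the REST API, which a web server access log records. The following detection script is an added example, not part of the original post or the exploit: it parses combined-format log lines (the sample lines are constructed), handles both the /wp-json/ prefix and the ?rest_route= form of the API, and reports every POST/PUT/PATCH/DELETE to wp/v2/posts together with its status code, so successful writes from unexpected clients stand out.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (Apache/nginx "combined" format), not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [03/Feb/2017:10:00:01 +0700] "GET /wp-json/wp/v2/posts/1 HTTP/1.1" 200 1843 "-" "curl/7.50"
203.0.113.10 - - [03/Feb/2017:10:00:02 +0700] "POST /wp-json/wp/v2/posts/1 HTTP/1.1" 200 1912 "-" "rest-client/2.0"
198.51.100.7 - - [03/Feb/2017:10:05:00 +0700] "POST /wp-admin/post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [03/Feb/2017:10:06:00 +0700] "POST /?rest_route=/wp/v2/posts/1 HTTP/1.1" 403 212 "-" "rest-client/2.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
POSTS_ROUTE = re.compile(r"^/wp/v2/posts(?:/|$)")  # the posts endpoint and any item under it


def rest_route(target):
    """Return the REST route for a request target, or None if it is not a REST API call.
    Handles the pretty-permalink prefix /wp-json/... and the ?rest_route=... query form."""
    url = urlparse(target)
    if url.path.startswith("/wp-json/"):
        return "/" + url.path[len("/wp-json/"):]
    qs = parse_qs(url.query)
    if "rest_route" in qs:
        return qs["rest_route"][0]
    return None


def find_rest_post_writes(log_text):
    """Return one dict per write-method request to the wp/v2/posts route, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        route = rest_route(m["target"])
        if route is None or m["method"] not in WRITE_METHODS or not POSTS_ROUTE.match(route):
            continue
        hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                     "route": route, "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for h in find_rest_post_writes(SAMPLE_LOG):
        outcome = "SUCCEEDED" if h["status"] < 400 else "blocked"
        print(f"{h['time']} {h['ip']} {h['method']} {h['route']} -> {h['status']} ({outcome})")
```

A 2xx on such a request from a client that never logged in through wp-admin is the signal to check the post's revision history and the WordPress version (4.7.0 and 4.7.1 are the affected releases).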

Filed Under: WordPress Exploit Tagged With: Exploit, Wordpress


Comments

  1. Choirur Rizal says

    March 2, 2017 at 8:30 pm

    Bro, mine keeps throwing an error, why :3
    # ruby xploiter.rb
    /usr/local/rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- rest-client (LoadError)
    from /usr/local/rvm/rubies/ruby-2.3.0/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from 471.rb:13:in `'

    • chiaki says

      March 3, 2017 at 2:05 pm

      Is rest-client already installed?

    • Choirur Rizal says

      March 14, 2017 at 5:22 am

      Ahh, yes bro 🙂
      I didn't read the last part at the bottom, thank you. It works now, thanks :>) (f) (h)

  2. Newbe says

    January 8, 2020 at 2:05 pm

    On mobile/Android I can't run sudo gem install rest-client, so what's another way to make it work?
