Information System's Security 2nd Assignment

Study and exploit the vulnerability CVE-2022-21661 that allows SQL Injections through plugins POST requests to WordPress versions below 5.8.3.

To start and configure the environment, you should just run:

docker-compose run --rm wordpress-cli

• Docker
• Docker-Compose
• Python 3.9+
• Argparser
• Hashcat

In example.md file, you can follow a little tutorial with some examples to get started with the exploit of this vulnerability.

First of all, ensure the file we're going to execute has execution permission. So run the following command.

chmod +x exploit.py

Then, to run the exploit, you should run the following command replacing the <payload> with:

1. Dump database name.
2. Dump users table.

./exploit.py http://127.0.0.1:8000/wp-admin/admin-ajax.php [payload] [-l LIMIT_USER] [-o output]

For going a little bit further, We prepared a script that runs our exploit and uses the data from the user's table, and, then, tries to recover the original passwords forcing a dictionary attack through hashcat.

For this attack, we are using the dictionary rockyou.txt.

To execute it, just make sure it has execution permissions and runs it.

chmod +x experiment.sh
./experiment.sh

It can take a while... In the end, you're able to see the file results/users.txt with the users and raw passwords.

You can find a complete report, in French, of this assignment in the file Devoir_Securit__2.pdf.

• Leonardo Monteiro
• Wellington Machado de Espindula
• Bassam Graini

• https://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661