CVE-2017-8295

This PoC exploits CVE-2017-8295, a WordPress password reset vulnerability where the Host header is used to manipulate the password reset email destination. The script sends crafted requests to multiple WordPress sites to trigger password reset emails to an attacker-controlled domain.

This repository provides a WordPress plugin designed to mitigate the CVE-2017-8295 vulnerability by restricting allowed hostnames. It includes installation and usage instructions but does not contain exploit code.

This repository contains a functional Perl exploit for CVE-2017-8295, which targets WordPress versions prior to 4.7.4. The exploit manipulates the Host HTTP header to redirect password reset emails to an attacker-controlled domain, allowing unauthorized password resets.

This repository contains a writeup describing CVE-2017-8295, an unauthorized password reset vulnerability in WordPress 4.7.4. The vulnerability allows attackers to obtain password reset links without authentication, potentially leading to account compromise.

This repository contains a functional Perl exploit for CVE-2017-8295, which leverages the Host HTTP header to manipulate WordPress password reset emails. The exploit sends a crafted request to trigger a password reset email to an attacker-controlled domain.

This exploit demonstrates a password reset vulnerability in WordPress 4.7 by manipulating the Host header to redirect password reset emails to an attacker-controlled domain. It leverages improper handling of the SERVER_NAME variable to spoof email headers.