CVE-2019-9978

This exploit leverages a Remote Code Execution (RCE) vulnerability in the Social Warfare WordPress plugin (CVE-2019-9978) by injecting a malicious URL via the `swp_debug` parameter, which fetches and executes a PHP reverse shell payload hosted on an attacker-controlled server.

This exploit targets a remote code execution (RCE) vulnerability in the Social Warfare WordPress plugin (versions <= 3.5.2) by leveraging the `swp_debug` parameter to load arbitrary options from a malicious URI. The script sends a crafted request to `admin-post.php` and checks for a 500 status code to confirm exploitation.

This is a working PoC for CVE-2019-9978, an unauthenticated remote code execution vulnerability in the Social Warfare WordPress plugin (<=3.5.2). The exploit leverages RFI (Remote File Inclusion) to execute arbitrary commands by supplying a malicious payload URI.

This repository contains a proof-of-concept exploit for CVE-2019-9978, which allows unauthenticated remote code execution (RCE) in the Social Warfare WordPress plugin versions prior to 3.5.3. The exploit leverages the `swp_debug` parameter to load arbitrary options from a remote URL, leading to code execution via `eval`.

This PoC exploits CVE-2019-9978, a remote code execution vulnerability in the Social Warfare WordPress plugin (versions <= 3.5.2). It automates the process of checking for vulnerability and uploading a shell by leveraging the `swp_debug` parameter to load arbitrary content.

This PoC exploits CVE-2019-9978 in Social Warfare <= 3.5.2 by abusing the `swp_debug=load_options` parameter to fetch and execute a remote payload, resulting in a reverse shell. It requires a vulnerable WordPress instance and a listener for the shell.

This is a functional exploit for CVE-2019-9978, targeting a Remote Code Execution (RCE) vulnerability in the Social Warfare WordPress plugin before version 3.5.3. The exploit leverages an SSRF-like vulnerability to fetch a malicious payload from an attacker-controlled HTTP server and execute arbitrary commands on the target system.

This exploit targets CVE-2019-9978, a remote code execution vulnerability in the Social Warfare WordPress plugin (<=3.5.2). It leverages the `swp_debug` parameter to load a malicious PHP backdoor from an attacker-controlled server, executing arbitrary commands via base64-encoded payloads.

This is a Python 3 rewrite of an exploit for CVE-2019-9978, a Remote Code Execution (RCE) vulnerability in the Social Warfare WordPress plugin (<= 3.5.2). The exploit leverages a debug parameter to load arbitrary content from a remote URI, leading to command execution.

This repository contains a detailed remediation report for CVE-2019-9978, focusing on the mitigation of a Remote File Inclusion (RFI) vulnerability in the social-warfare WordPress plugin. It documents defensive measures such as reverse proxy insertion, WAF deployment, SIEM integration, and SSL/TLS enforcement, validated through Wireshark PCAP analysis.

This repository contains a detailed penetration test report documenting the exploitation of CVE-2019-9978 (unauthenticated RCE in the social-warfare WordPress plugin) chained with CVE-2023-4842 to achieve a persistent Meterpreter session. The report includes technical details, methodology, and remediation recommendations.

The repository claims to exploit CVE-2019-9978 (Social Warfare plugin RCE) but provides no actual exploit code, instead pointing to an external PDF report and screenshots. This is a common social engineering lure.

This repository contains a Python-based PoC for CVE-2019-9978, demonstrating unauthenticated Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) in the Social Warfare WordPress plugin. The exploit constructs a malicious URL to include a remote payload, confirming vulnerability via response content.

The repository contains only a README.md with no meaningful content, providing no exploit code or technical details for CVE-2019-9978.

This repository contains a Python-based exploit for CVE-2019-9978, targeting the Social Warfare WordPress plugin (version <= 3.5.2). The exploit leverages the `swp_debug` parameter to include and execute a malicious PHP payload hosted on an attacker-controlled server, resulting in remote code execution via a reverse shell.

This repository contains a working proof-of-concept exploit for CVE-2019-9978, a remote code execution vulnerability in the WordPress Plugin Social Warfare versions prior to 3.5.3. The exploit leverages a malicious server to inject and execute arbitrary commands on the victim server.

This is a Python3 conversion of the original CVE-2019-9978 exploit targeting the Social Warfare WordPress plugin (<=3.5.2). It leverages an RCE vulnerability by loading a remote payload via the `swp_debug` parameter.

This is a Python-based exploit for CVE-2019-9978, which targets a vulnerability in Social Warfare plugin for WordPress. The exploit leverages an SSRF to deliver a payload that executes arbitrary system commands on the target server.

This repository provides a Docker container setup for CVE-2019-9978, a vulnerability in the Social Warfare WordPress plugin. The script initializes a WordPress environment with the vulnerable plugin activated, allowing for exploitation testing.