WordPress 5.6.0-5.7.0 - Authenticated XML External Entity Injection via Media Library File Upload
Exploitation Summary
EIP tracks 24 public exploits for CVE-2021-29447. PoCs published by David Utón, motikan2010, mega8bit.
AI-analyzed exploit summary
This exploit leverages an XXE vulnerability in WordPress 5.6-5.7 via the Media Library to read arbitrary files from the server. It authenticates as a WordPress user, uploads a malicious WAV file containing an XXE payload, and exfiltrates the target file's contents via a controlled HTTP server.
Description
WordPress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires the WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Exploits (24)
This exploit leverages an XXE vulnerability in WordPress 5.6-5.7 via the Media Library to read arbitrary files from the server. It authenticates as a WordPress user, uploads a malicious WAV file containing an XXE payload, and exfiltrates the target file's contents via a controlled HTTP server.
This repository contains a functional exploit for CVE-2021-29447, an XXE vulnerability in WordPress 5.6-5.7. It includes a malicious WAV file generator and a Docker-based environment to demonstrate the exploit, which leverages XXE to exfiltrate data via a crafted WAV file uploaded to WordPress.
This repository contains a functional exploit for CVE-2021-29447, which leverages an XXE (XML External Entity) vulnerability in WordPress 5.6.2 with PHP 8 to exfiltrate arbitrary files from the server. The exploit generates a malicious .wav file payload and uses a local server to capture the exfiltrated data.
This repository contains a functional PoC for CVE-2021-29447, an XXE vulnerability in WordPress 5.6-5.7. The exploit automates the creation of malicious WAV and DTD files to exfiltrate system files via the Media Library.
This repository contains a functional Python exploit for CVE-2021-29447, an authenticated XXE vulnerability in WordPress Media Library. The exploit uses a malicious WAV file with embedded XML to exfiltrate files from the target system via a locally hosted server.
The repository contains only a README file with minimal information, crediting another GitHub user but providing no exploit code or technical details. It lacks any functional PoC or analysis.
This repository contains a functional Go-based exploit for CVE-2021-29447, a WordPress Media vulnerability involving malicious WAV and DTD file uploads. The PoC automates the generation of exploit files, login, and upload to trigger the vulnerability, with options for file leakage and deflate compression.
This repository contains a functional exploit for CVE-2021-29447, a WordPress XXE vulnerability in the Media Library. It automates the creation of a malicious WAV file, sets up a listener for blind XXE data exfiltration, and handles authentication and file upload to exploit the vulnerability.
This repository contains a functional exploit for CVE-2021-29447, an XXE vulnerability in WordPress's media library. The PoC demonstrates how a malicious WAV file with embedded XML can exfiltrate sensitive data (e.g., /etc/passwd) via an external DTD.
This repository contains a functional Python exploit for CVE-2021-29447, an authenticated XXE vulnerability in WordPress 5.6-5.7. The exploit leverages WAV metadata to trigger out-of-band exfiltration of sensitive files via a crafted DTD.
This repository provides a detailed technical analysis of CVE-2021-29447, an XXE vulnerability in WordPress's Media Library. It explains the root cause, exploitation steps, and the patch applied, but does not include functional exploit code.
This repository provides a detailed technical walkthrough of exploiting CVE-2021-29447, an XXE vulnerability in WordPress, to achieve remote code execution. It includes step-by-step instructions, payloads, and post-exploitation techniques.
This repository contains a functional exploit for CVE-2021-29447, which leverages an XXE vulnerability in WordPress's media upload functionality to exfiltrate files from the target system. The script generates a malicious .wav file and a DTD payload, sets up an HTTP server to receive exfiltrated data, and decodes the extracted files.
This repository contains a functional Python exploit for CVE-2021-29447, which leverages an XXE vulnerability in WordPress to exfiltrate files. The exploit authenticates to WordPress, uploads a malicious WAV file containing XXE payload, and uses a local HTTP server to receive exfiltrated data.
This repository contains a functional exploit for CVE-2021-29447, an XXE vulnerability in WordPress 5.7.0 and earlier. The exploit generates a malicious WAV file with embedded XXE payloads to exfiltrate arbitrary files from the target server via HTTP requests.
This repository contains a functional proof-of-concept exploit for CVE-2021-29447, an XXE injection vulnerability in WordPress 5.6–5.7 when running PHP 8.0+. The exploit leverages the getID3 library's handling of WAV file iXML chunks to trigger external entity substitution, leading to arbitrary file disclosure.
This repository contains a functional exploit script for CVE-2021-29447, an XXE vulnerability in WordPress's Media Library. The script automates the creation of a malicious WAV file with embedded XML, uploads it to a target WordPress site, and exfiltrates data via an XXE attack.
This repository contains a functional exploit generator for CVE-2021-29447, which leverages XXE vulnerabilities in WordPress plugins (e.g., BookingPress < 1.0.11) by embedding malicious XML payloads in WAV file iXML metadata chunks. The exploit generates a WAV file that, when parsed by the vulnerable software, triggers an XXE attack to exfiltrate data to an attacker-controlled server.
This repository contains a functional exploit for CVE-2021-29447, an XXE vulnerability in WordPress 5.6 and 5.7 using PHP 8. The exploit uploads a malicious WAV file containing an XXE payload to exfiltrate local files from the target system.
This repository contains a functional proof-of-concept for CVE-2021-29447, an XXE vulnerability in WordPress 5.6-5.7. It includes a malicious WAV file generator, a Docker-based WordPress environment, and an attacker server to exfiltrate data via XXE.
This repository contains a functional exploit for CVE-2021-29447, an XXE injection vulnerability in WordPress 5.6-5.7 (PHP 8+). The exploit includes a Python script (`lfi.py`) that authenticates to a WordPress site and leverages XXE to exfiltrate files via a PHP-based listener (`grab.php`).
This repository contains a functional Python script that generates a malicious WAV file and DTD file to exploit CVE-2021-29447, an XXE vulnerability in WordPress 5.6-5.7. The exploit leverages XML External Entity (XXE) injection via a crafted WAV file to read arbitrary files from the server.
This repository provides a functional exploit for CVE-2021-29447, leveraging a malicious WAV file with embedded XML to perform arbitrary file disclosure and SSRF attacks on vulnerable WordPress installations. The PoC includes detailed steps for crafting the payload and executing the attack.
References (7)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N