CVE-2022-1386

This is a functional proof-of-concept exploit for CVE-2022-1386, an unauthenticated SSRF vulnerability in Fusion Builder WordPress plugin versions prior to 3.6.2. The script automates the exploitation process by generating a fusion ID, crafting a malicious request, and sending it to the target to read arbitrary files or make internal HTTP requests.

This repository contains a working PoC for CVE-2022-1386, an unauthenticated SSRF vulnerability in Fusion Builder < 3.6.2. It includes a mass vulnerability checker using GNU Parallel and a single-target exploiter script.

This script is a mass vulnerability checker for CVE-2022-1386, an unauthenticated SSRF vulnerability in Fusion Builder < 3.6.2. It uses GNU Parallel to test multiple targets concurrently and categorizes them as vulnerable or not based on the response.

This repository contains a functional Python PoC for CVE-2022-1386, an unauthenticated SSRF vulnerability in Fusion Builder < 3.6.2. The exploit fetches a nonce and sends a crafted multipart request to trigger an SSRF via admin-ajax.php.

This repository contains a proof-of-concept for CVE-2022-1386, an unauthenticated SSRF vulnerability in Fusion Builder WordPress plugin. The exploit demonstrates how an attacker can read arbitrary files on the server by manipulating the `fusionAction` parameter in a POST request.

This is a functional PoC for CVE-2022-1386, an unauthenticated SSRF vulnerability in Fusion Builder < 3.6.2. It automates the exploitation process by generating a fusion ID, crafting a malicious request, and testing for vulnerability.

This repository contains a functional proof-of-concept for CVE-2022-1386, an unauthenticated SSRF vulnerability in the Fusion Builder WordPress plugin. The exploit demonstrates how an attacker can read arbitrary files on the server by sending a crafted HTTP request to the plugin's form submission endpoint.