POC详情: 57056a37e045239fac4643e874ef11701deba857

来源
https://github.com/hxlxmj/CVE-2022-3590-WordPress-Vulnerability-Scanner
关联漏洞
标题: WordPress 代码问题漏洞 (CVE-2022-3590)
描述:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress存在代码问题漏洞,该漏洞源于pingback功能中未经验证的服务器端请求伪造。
描述
 This repository contains a Python script that checks WordPress websites for the CVE-2022-3590 vulnerability, which exploits an unauthenticated blind Server-Side Request Forgery (SSRF) in the WordPress pingback feature.
介绍
# CVE-2022-3590 WordPress Vulnerability Scanner

This Python script is designed to check whether a WordPress website is vulnerable to the CVE-2022-3590 vulnerability. The vulnerability exploits an unauthenticated blind Server-Side Request Forgery (SSRF) in the pingback feature of WordPress.

## Getting Started

These instructions will guide you on how to use this script.

## Screenshot

![Image Alt Text](https://raw.githubusercontent.com/hxlxmjxbbxs/CVE-2022-3590-WordPress-Vulnerability-Scanner/main/img/cli.jpg)

### Prerequisites

This script requires Python 3 and the `requests` library. You can install the necessary requirements using pip:

```
pip install -r requirements.txt
```

### Usage

You can run the script from the command line with the following syntax:

```
python3 CVE-2022-3590.py [-u URL | -f FILE] [-d DOMAIN]
```

Here is what each argument does:

- `-u URL` or `--url URL`: The URL of the WordPress website to check.
- `-f FILE` or `--file FILE`: A file containing a list of URLs of WordPress websites to check.
- `-d DOMAIN` or `--domain DOMAIN`: The domain controlled by the attacker. 
   (You can use public.requestbin.com or app.interactsh.com)

### Example

To scan a single website:

```
python3 CVE-2022-3590.py -u https://example.com
```

To scan multiple websites from a file:

```
python3 CVE-2022-3590.py -f urls.txt
```

### Output

The script will output whether each scanned website is vulnerable to the CVE-2022-3590 vulnerability.

## License

This project is licensed under the MIT License.

## Acknowledgments

https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2745

https://wpscan.com/vulnerability/c8814e6e-78b3-4f63-a1d3-6906a84c1f11

https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/
文件快照

 [4.0K]  /data/pocs/57056a37e045239fac4643e874ef11701deba857
├── [5.0K]  CVE-2022-3590.py
├── [4.0K]  img
│   └── [230K]  cli.jpg
├── [1.0K]  LICENSE
├── [1.8K]  README.md
└── [  50]  requirements.txt

1 directory, 5 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。