PoC details: 7b64369ec6abfdf31fb9577549ba819100e5cc32

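Source
Related vulnerability
Title: WordPress mail-masta plugin input validation error vulnerability (CVE-2016-10956)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. It supports setting up personal blog sites on servers running PHP and MySQL. mail-masta is an e-mail plugin used with it. An input validation error vulnerability exists in version 1.0 of the WordPress mail-masta plugin. The vulnerability stems from the network system or product failing to properly validate input data.
Description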
Exploit script for WordPress Plugin Mail Masta 1.0 - CVE-2016-10956
Introduction
# WordPress Plugin Mail Masta 1.0 - CVE-2016-10956 Exploit

This script exploits the CVE-2016-10956 vulnerability in WordPress Plugin Mail Masta 1.0 to extract credentials from `wp-config.php`.

## How to Use

1. Clone the repository:

    ```bash
    git clone https://github.com/Hakchoven/wp-mail-masta-exploit.git
    ```

2. Navigate to the directory:

    ```bash
    cd wp-mail-masta-exploit/
    ```

3. Run the script with the target URL as an argument:

    ```bash
    python3 mail-masta.py http://example.com/wordpress
    ```

Replace `http://example.com/wordpress` with the target WordPress site URL.

## Proof of Concept (PoC)

[![Watch the video](mail_masta_poc.mp4)](https://github.com/Hackhoven/wp-mail-masta-exploit/assets/142750639/1c4b2eef-cae7-496d-ad7b-9bd11102677e)


## Disclaimer
This script is intended for educational purposes only. The author does not condone or support the use of this script for illegal or unethical activities. This script should only be used in legal security research or CTF environments. Use at your own risk.



---

Made by [Hackhoven](https://github.com/Hakchoven)
File snapshot

[4.0K] /data/pocs/7b64369ec6abfdf31fb9577549ba819100e5cc32
├── [2.8K] mail-masta-exploit.py
└── [1.1K] README.md

0 directories, 2 files