关联漏洞
描述
WordPress社交登录和注册(Discord,Google,Twitter,LinkedIn)<=7.6.4-绕过身份验证
介绍
# CVE-2023-2982
WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass
WordPress社交登录和注册(Discord,Google,Twitter,LinkedIn)<=7.6.4-绕过身份验证
Info
---
`
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.
`
`
WordPress的社交登录和注册(Discord、谷歌、推特、领英)插件在7.6.4之前(含7.6.4)的版本中易受身份验证绕过的影响。这是由于在通过插件验证的登录过程中提供的用户加密不足。这使得未经身份验证的攻击者有可能以网站上任何现有用户(如管理员)的身份登录,前提是他们知道与该用户相关的电子邮件地址。这在版本7.6.4中进行了部分修补,在版本7.6.5中进行了完全修补。
`
`This exploit will crawl the website for any email addresses it can find and try them if an email address it not supplied.`
`此漏洞将在网站上爬网它能找到的任何电子邮件地址,并在没有提供电子邮件地址的情况下进行尝试`
Requires
---
* Katana - `go install github.com/projectdiscovery/katana/cmd/katana@latest`
* Nuclei - `go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest`
Usage
---
```
usage: CVE-2023-2982.py [-h] -w WEBSITE_URL [-e EMAIL]
CVE-2023-2982.py
options:
-h, --help show this help message and exit
-w WEBSITE_URL, --website_url WEBSITE_URL
Website URL
-e EMAIL, --email EMAIL
Email
```
文件快照
[4.0K] /data/pocs/d7028f9636bfd6fcfcbfd4a0a7b5e1fb38bd177f
├── [3.5K] CVE-2023-2982.py
├── [1.2K] login.html
└── [2.0K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。