[YouTube] Hacking WordPress - Unauthenticated Post/Content Injection (WordPress 4.7.0/4.7.1)
WordPress의 취약점을 이용하여 Content Injetcion 하는 Kali Linux 시현 영상 입니다.
주의 : 테스트 이외의 목적으로 발생 되는 문제점에 대해서는 프로그램을 사용하는 사용자가 책임을 지셔야 한다는 것을 알려 드립니다.
Disclaimer: I am not responsible for any damage done using this tool. This tool should only be used for educational purposes and for penetration testing.
The vulnerability allows an unauthenticated attacker to easily edit any blog post of their liking by abusing a bug in the WordPress REST API version 4.7.0/4.7.1
The Vulnerability has already been patched, in the latest wordpress version.
But many of the WordPress sites, are still using 4.7.0/4.7.1
So, why shouldn't give it a try.
Exploit Site : https://www.exploit-db.com/exploits/41223/