|
| 1 | +## Vulnerable Application |
| 2 | + |
| 3 | +This module will scan given instances for an unauthenticated SQL injection |
| 4 | +within the CP Multi-View Calendar plugin v1.1.4 for Wordpress. |
| 5 | + |
| 6 | +## References |
| 7 | +* [https://wordpress.org/plugins/cp-multi-view-calendar/] |
| 8 | + |
| 9 | +### Setup using Docksal |
| 10 | +Install [Docksal](https://docksal.io/) |
| 11 | + |
| 12 | +Create a new Wordpress installation using `fin project create` |
| 13 | + |
| 14 | +``` |
| 15 | +➜ ~ fin project create |
| 16 | +1. Name your project (lowercase alphanumeric, underscore, and hyphen): msf-wp |
| 17 | +2. What would you like to install? |
| 18 | + PHP based |
| 19 | + 1. Drupal 8 |
| 20 | + 2. Drupal 8 (Composer Version) |
| 21 | + 3. Drupal 7 |
| 22 | + 4. Wordpress |
| 23 | + 5. Magento |
| 24 | + 6. Laravel |
| 25 | + 7. Symfony Skeleton |
| 26 | + 8. Symfony WebApp |
| 27 | + 9. Grav CMS |
| 28 | + 10. Backdrop CMS |
| 29 | + Go based |
| 30 | + 11. Hugo |
| 31 | + JS based |
| 32 | + 12. Gatsby JS |
| 33 | + 13. Angular |
| 34 | + HTML |
| 35 | + 14. Static HTML site |
| 36 | +Enter your choice (1-14): 4 |
| 37 | +Project folder: /home/weh/dev/msf-wp |
| 38 | +Project software: Wordpress |
| 39 | +Project URL: http://msf-wp.docksal |
| 40 | +Do you wish to proceed? [y/n]: y |
| 41 | +Cloning repository... |
| 42 | +Cloning into 'msf-wp'... |
| 43 | +... |
| 44 | +3. Installing site |
| 45 | + Step 1 Initializing stack... |
| 46 | +Removing containers... |
| 47 | +... |
| 48 | +Starting services... |
| 49 | +Creating network "msf-wp_default" with the default driver |
| 50 | +Creating volume "msf-wp_cli_home" with default driver |
| 51 | +Creating volume "msf-wp_project_root" with local driver |
| 52 | +Creating volume "msf-wp_db_data" with default driver |
| 53 | +Creating msf-wp_db_1 ... done |
| 54 | +Creating msf-wp_cli_1 ... done |
| 55 | +Creating msf-wp_web_1 ... done |
| 56 | +Connected vhost-proxy to "msf-wp_default" network. |
| 57 | +Waiting for project stack to become ready... |
| 58 | + Step 2 Initializing site... |
| 59 | + Step 2 Generating wp-config.php... |
| 60 | +Success: Generated 'wp-config.php' file. |
| 61 | + Step 3 Installing site... |
| 62 | +msmtp: envelope-from address is missing |
| 63 | +Success: WordPress installed successfully. |
| 64 | +Open http://msf-wp.docksal in your browser to verify the setup. |
| 65 | +Admin panel: http://msf-wp.docksal/wp-admin. User/password: admin/admin |
| 66 | + DONE! Completed all initialization steps. |
| 67 | +➜ ~ |
| 68 | +``` |
| 69 | + |
| 70 | +Download the Wordpress plugin |
| 71 | + |
| 72 | +``` |
| 73 | +cd msf-wp/wp-content/plugins |
| 74 | +wget https://github.com/wp-plugins/cp-multi-view-calendar/archive/refs/tags/1.0.2.zip |
| 75 | +unzip 1.0.2.zip |
| 76 | +``` |
| 77 | + |
| 78 | +Login and click on DukaPress "Activate" Link |
| 79 | + |
| 80 | +``` |
| 81 | +http://msf-wp.docksal/wp-admin/plugins.php |
| 82 | +user: admin |
| 83 | +pass: admin |
| 84 | +``` |
| 85 | + |
| 86 | +## Verification Steps |
| 87 | + |
| 88 | +1. Do: `use auxiliary/scanner/http/press_cp_calendar_sqli` |
| 89 | +2. Do: `set RHOSTS [IP]` |
| 90 | +3. Do: `set VHOST [HOSTNAME]` |
| 91 | +4. Do: `run` |
| 92 | + |
| 93 | +## Options |
| 94 | + |
| 95 | + |
| 96 | +## Scenarios |
| 97 | + |
| 98 | +``` |
| 99 | +msf auxiliary(wordpress_cp_calendar_sqli) > run |
| 100 | +
|
| 101 | +[+] 10.211.55.4:80 - Vulnerable to unauthenticated SQL injection within CP Multi-View Calendar 1.1.4 for Wordpress |
| 102 | +[*] Scanned 1 of 1 hosts (100% complete) |
| 103 | +[*] Auxiliary module execution completed |
| 104 | +``` |
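Review bot: The setup section does not build the version the module claims to detect. The description and the Scenarios output both name CP Multi-View Calendar 1.1.4, but the download step fetches `1.0.2.zip`, so a reader following these steps cannot tell whether a result reflects the module or a mismatched lab. Point the `wget` at the matching release, or state the affected version range explicitly. Three smaller points in the same file: the activation step says "click on DukaPress "Activate" Link", which looks carried over from another module's documentation and should name this plugin; the module name differs between Verification Steps (`auxiliary/scanner/http/press_cp_calendar_sqli`) and the Scenarios prompt (`wordpress_cp_calendar_sqli`) and should match the actual module path; and the Options heading has no body, so either document the module-specific options or state that there are none. The References entry is also a bare URL in square brackets with no link target, which will not render as a link.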