| 1 | +## Description |
| 2 | +This module will scan given instances for an unauthenticated SQL injection |
| 3 | +within the CP Multi-View Calendar plugin v1.1.4 for Wordpress. |
| 4 | + |
| 5 | +## References |
| 6 | +* [https://wordpress.org/plugins/cp-multi-view-calendar/] |
| 7 | + |
| 8 | +## Vulnerable Application |
| 9 | + |
| 10 | +### Setup using Docksal |
| 11 | +Install [Docksal](https://docksal.io/) |
| 12 | + |
| 13 | +Create a new Wordpress isntallation using `fin project create` |
| 14 | + |
| 15 | +``` |
| 16 | +➜ ~ fin project create |
| 17 | +1. Name your project (lowercase alphanumeric, underscore, and hyphen): msf-wp |
| 18 | +2. What would you like to install? |
| 19 | + PHP based |
| 20 | + 1. Drupal 8 |
| 21 | + 2. Drupal 8 (Composer Version) |
| 22 | + 3. Drupal 7 |
| 23 | + 4. Wordpress |
| 24 | + 5. Magento |
| 25 | + 6. Laravel |
| 26 | + 7. Symfony Skeleton |
| 27 | + 8. Symfony WebApp |
| 28 | + 9. Grav CMS |
| 29 | + 10. Backdrop CMS |
| 30 | + Go based |
| 31 | + 11. Hugo |
| 32 | + JS based |
| 33 | + 12. Gatsby JS |
| 34 | + 13. Angular |
| 35 | + HTML |
| 36 | + 14. Static HTML site |
| 37 | +Enter your choice (1-14): 4 |
| 38 | +Project folder: /home/weh/dev/msf-wp |
| 39 | +Project software: Wordpress |
| 40 | +Project URL: http://msf-wp.docksal |
| 41 | +Do you wish to proceed? [y/n]: y |
| 42 | +Cloning repository... |
| 43 | +Cloning into 'msf-wp'... |
| 44 | +... |
| 45 | +3. Installing site |
| 46 | + Step 1 Initializing stack... |
| 47 | +Removing containers... |
| 48 | +... |
| 49 | +Starting services... |
| 50 | +Creating network "msf-wp_default" with the default driver |
| 51 | +Creating volume "msf-wp_cli_home" with default driver |
| 52 | +Creating volume "msf-wp_project_root" with local driver |
| 53 | +Creating volume "msf-wp_db_data" with default driver |
| 54 | +Creating msf-wp_db_1 ... done |
| 55 | +Creating msf-wp_cli_1 ... done |
| 56 | +Creating msf-wp_web_1 ... done |
| 57 | +Connected vhost-proxy to "msf-wp_default" network. |
| 58 | +Waiting for project stack to become ready... |
| 59 | + Step 2 Initializing site... |
| 60 | + Step 2 Generating wp-config.php... |
| 61 | +Success: Generated 'wp-config.php' file. |
| 62 | + Step 3 Installing site... |
| 63 | +msmtp: envelope-from address is missing |
| 64 | +Success: WordPress installed successfully. |
| 65 | +Open http://msf-wp.docksal in your browser to verify the setup. |
| 66 | +Admin panel: http://msf-wp.docksal/wp-admin. User/password: admin/admin |
| 67 | + DONE! Completed all initialization steps. |
| 68 | +➜ ~ |
| 69 | +``` |
| 70 | + |
| 71 | +Download the Wordpress plugin |
| 72 | + |
| 73 | +``` |
| 74 | +cd msf-wp/wp-content/plugins |
| 75 | +wget https://downloads.wordpress.org/plugin/cp-multi-view-calendar.1.4.32.zip |
| 76 | +unzip cp-multi-view-calendar.1.4.32.zip |
| 77 | +``` |
| 78 | + |
| 79 | +Login and click on DukaPress "Activate" Link |
| 80 | + |
| 81 | +``` |
| 82 | +http://msf-wp.docksal/wp-admin/plugins.php |
| 83 | +user: admin |
| 84 | +pass: admin |
| 85 | +``` |
| 86 | + |
| 87 | +## Verification Steps |
| 88 | + |
| 89 | +1. Do: ```use auxiliary/scanner/http/press_cp_calendar_sqli``` |
| 90 | +2. Do: ```set RHOSTS [IP]``` |
| 91 | +3. Do: ```set VHOST [HOSTNAME]``` |
| 92 | +4. Do: ```run``` |
| 93 | + |
| 94 | +## Options |
| 95 | + |
| 96 | +**TARGETURI** |
| 97 | + |
| 98 | +Target URI of the Wordpress instance |
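Review bot: The setup steps do not match the version the Description names. The Description says the injection is in "plugin v1.1.4", but the download step fetches `cp-multi-view-calendar.1.4.32.zip`, so a reader following this document cannot tell which build the scanner is expected to flag. Please state the affected version range once and make the `wget`/`unzip` lines fetch a build inside it. In the same section, "Login and click on DukaPress "Activate" Link" names a different plugin and looks carried over from another module's documentation; it should name CP Multi-View Calendar. Smaller points: "isntallation" is a typo, the References entry is a bare URL in square brackets with no link target, and the path in `use auxiliary/scanner/http/press_cp_calendar_sqli` should be checked against the module's actual filename. A Scenarios section with sample `run` output against the Docksal instance would let a reader confirm what a positive result looks like, and TARGETURI should list its default value.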