CVE-2021-21389
BuddyPress < 7.2.1 - REST API Privilege Escalation to RCE
PoC (Full)
Affected version: 5.0.0 to 7.2.0
User requirement: Subscriber user
Method: Privilege Escalation to Administrator and trigger RCE via REST API
Endpoint: /v1/members/me endpoint.
How to use Docker
git clone https://github.com/HoangKien1020/CVE-2021-21389
cd CVE-2021-21389/
docker build . -t hoangkien1020/buddypress:cve202121389
docker run -d --rm -it -p 8080:80 hoangkien1020/buddypress:cve202121389
Other way to pull this docker instead of building:
docker pull hoangkien1020/buddypress:cve202121389
docker run -d --rm -it -p 8080:80 hoangkien1020/buddypress:cve202121389
Access your host/IP
Ex: http://test.local:8080
How to exploit
python3 CVE-2021-21389.py http://test.local:8080 test 1234 whoami
Example:
Reference
https://buddypress.org/2021/03/buddypress-7-2-1-security-release/
1 Nov 24, 2022
153 Dec 20, 2022
7 Oct 06, 2021
3 Jan 23, 2022
219 Nov 28, 2022
93 Jan 05, 2023
3 Mar 24, 2022
52 Nov 09, 2022
140 Dec 16, 2022
87 Dec 29, 2021
103 Dec 18, 2022
98 Dec 26, 2022
[email protected]">
388 Dec 27, 2022
25 Nov 24, 2022
232 Nov 21, 2022
35 Apr 17, 2022
8 Dec 20, 2022
48 Nov 26, 2022
12 Dec 30, 2022
67 Oct 25, 2022