CVE-2021-21389

BuddyPress < 7.2.1 - REST API Privilege Escalation to RCE

PoC (Full)

Affected version: 5.0.0 to 7.2.0

User requirement: Subscriber user

Method: Privilege Escalation to Administrator and trigger RCE via REST API

Endpoint: /v1/members/me endpoint.

How to use Docker

git clone https://github.com/HoangKien1020/CVE-2021-21389
cd CVE-2021-21389/
docker build . -t hoangkien1020/buddypress:cve202121389
docker run -d --rm -it -p 8080:80 hoangkien1020/buddypress:cve202121389

Other way to pull this docker instead of building:
docker pull hoangkien1020/buddypress:cve202121389
docker run -d --rm -it -p 8080:80 hoangkien1020/buddypress:cve202121389

Access your host/IP
Ex: http://test.local:8080

How to exploit

python3 CVE-2021-21389.py http://test.local:8080 test 1234 whoami

Example:

Reference

https://buddypress.org/2021/03/buddypress-7-2-1-security-release/

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
src		src
CVE-2021-21389.py		CVE-2021-21389.py
Dockerfile		Dockerfile
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2021-21389

How to use Docker

How to exploit

Reference

About

Releases

Packages

Languages

HoangKien1020/CVE-2021-21389

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-21389

How to use Docker

How to exploit

Reference

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages