BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

Last update: Nov 09, 2022

Overview

CVE-2021-21389

BuddyPress < 7.2.1 - REST API Privilege Escalation to RCE

PoC (Full)

Affected version: 5.0.0 to 7.2.0

User requirement: Subscriber user

Method: Privilege Escalation to Administrator and trigger RCE via REST API

Endpoint: /v1/members/me endpoint.

How to use Docker

git clone https://github.com/HoangKien1020/CVE-2021-21389
cd CVE-2021-21389/
docker build . -t hoangkien1020/buddypress:cve202121389
docker run -d --rm -it -p 8080:80 hoangkien1020/buddypress:cve202121389

Other way to pull this docker instead of building:
docker pull hoangkien1020/buddypress:cve202121389
docker run -d --rm -it -p 8080:80 hoangkien1020/buddypress:cve202121389

Access your host/IP
Ex: http://test.local:8080

How to exploit

python3 CVE-2021-21389.py http://test.local:8080 test 1234 whoami

Example:

Reference

https://buddypress.org/2021/03/buddypress-7-2-1-security-release/

Owner

KIEN HOANG

GitHub Repository

GDID (Google Dorks for Information Disclosure)

GDID (Google Dorks for Information Disclosure) Script made for your recon automation in Bug Bounty or Pentest. It will help you to find Information Di

5 Mar 10, 2022

Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

django-permissions-policy Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app. Requirements Python 3.

76 Nov 30, 2022

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

187 Jan 03, 2023

A dynamic multi-STL, multi-process OpenSCAD build system with autoplating support

scad-build This is a multi-STL OpenSCAD build system based around GNU make. It supports dynamic build targets, intelligent previews with user-defined

1 Dec 21, 2021

Hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

5.8k Jan 07, 2023

Related tags

Overview

CVE-2021-21389

How to use Docker

How to exploit

Reference

Owner

KIEN HOANG

GDID (Google Dorks for Information Disclosure)

Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

A dynamic multi-STL, multi-process OpenSCAD build system with autoplating support

Hacktricks - Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

spring-cloud-gateway-rce CVE-2022-22947

Tools for investigating Log4j CVE-2021-44228

Mass scan for .git repository and .env file exposure

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

This is a Python program that implements a vacuum cleaner as an Artificial Intelligence.

AMC- Automatic Media Access Control [MAC] Address Spoofing Tool

Android Malware (Analysis | Scoring) System

Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

A Tool to find subdomains from hackerone reports.

CVE 2020-14871 Solaris exploit

A OSINT tool coded in python

CodeTest信息收集和漏洞利用工具

This program is a WiFi cracker, you can test many passwords for a desired wifi to find the wifi password!

A Modified version of TCC's Osprey poc framework......