WordPress XXE Vulnerability | CVE-2021-29447 TryHackMe

👉 Download The Ultimate CVE Timeline (2010–2026) Cheat Sheet now https://shop.motasem-notes.net/products/the-ultimate-cve-timeline-20102026-cheat-sheet 📄 Cyber Security Certification Notes & Cheat Sheets https://buymeacoffee.com/notescatalog/extras 🚀(2nd link) Cyber Security Certification Notes & Cheat Sheets https://shop.motasem-notes.net/collections/cyber-security-study-notes 💡Cyber Security Notes | Membership Access https://buymeacoffee.com/notescatalog/membership 🧩Cybersecurity Direct Coaching & Mentoring https://shop.motasem-notes.net/collections/coaching-and-mentoring-programs 🔥Download FREE Cyber Security 101 Study Notes https://buymeacoffee.com/notescatalog/e/290985 🧠 Get Strategic cyber security and tech insights weekly to your email by joining my newsletter below https://buymeacoffee.com/notescatalog/membership 📊Blog Writeups https://www.motasem-notes.net *** In this video walk-through, we covered a wordpress XXE vulnerability CVE-2021-29447 that allows for sensitive files disclosure and server-side request forgery (SSRF). We exploited this Wordpress vulnerability by generating WAV payload and uploading it to the compromised Wordpress website, all along using wpscan tool. This was part of TryHackMe Wordpress: CVE-2021-29447 #CVE #wordpress ***** Writeup https://motasem-notes.net/wordpress-xxe-vulnerability-cve-2021-29447-tryhackme/ TryHackMe Wordpress: CVE-2021-29447 https://tryhackme.com/r/room/wordpresscve202129447 ******** Store https://buymeacoffee.com/notescatalog/extras Patreon https://www.patreon.com/motasemhamdan Instagram https://www.instagram.com/motasem.hamdan.tech/ Google Profile https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6 LinkedIn [1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/ [2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/ Instagram https://www.instagram.com/mastermindstudynotes/ Twitter https://twitter.com/ManMotasem Facebook https://www.facebook.com/motasemhamdantty/ **** 0:00 - Introduction to WordPress Vulnerability (CVE-2021-29447) 0:12 - Explaining the Vulnerability: Arbitrary File Disclosure and SSRF 1:03 - Requirements for Exploiting the Vulnerability 1:41 - Using WPScan to Identify WordPress Vulnerabilities 3:13 - Exploring WordPress Version 5.62 Vulnerabilities 4:48 - Logging into WordPress as a Low-Privilege User 6:08 - Creating a Proof of Concept (POC) File for Exploitation 8:18 - Creating and Uploading POC Files to WordPress Media Library 9:23 - Setting Up a Web Server for the Exploit 11:11 - Uploading Payload and Exploiting the Vulnerability 12:25 - Viewing the Web Server Logs for Results 13:16 - Decoding the Extracted Data Using Zlib 17:02 - Revealing the WordPress Configuration File Content 18:17 - Logging into MySQL Using Extracted Credentials 20:06 - Retrieving Admin Hash from WordPress Database 21:06 - Cracking the Admin Hash Using John the Ripper 22:08 - Logging in as Admin and Exploring WordPress Admin Panel 23:22 - Uploading a Reverse Shell Through Theme Editor 25:18 - Executing the Reverse Shell Exploit Through Plugins 26:23 - Gaining Remote Shell Access 26:50 - Final Thoughts and Wrap-Up