CVE-2021-21389
BuddyPress < 7.2.1 - REST API Privilege Escalation to RCE
PoC (Full)
Affected version: 5.0.0 to 7.2.0
User requirement: Subscriber user
Method: Privilege Escalation to Administrator and trigger RCE via REST API
Endpoint: /v1/members/me endpoint.
How to use Docker
git clone https://github.com/HoangKien1020/CVE-2021-21389
cd CVE-2021-21389/
docker build . -t hoangkien1020/buddypress:cve202121389
docker run -d --rm -it -p 8080:80 hoangkien1020/buddypress:cve202121389
Other way to pull this docker instead of building:
docker pull hoangkien1020/buddypress:cve202121389
docker run -d --rm -it -p 8080:80 hoangkien1020/buddypress:cve202121389
Access your host/IP
Ex: http://test.local:8080
How to exploit
python3 CVE-2021-21389.py http://test.local:8080 test 1234 whoami
Example:
Reference
https://buddypress.org/2021/03/buddypress-7-2-1-security-release/
6 Sep 01, 2022
966 Dec 26, 2022
17 Dec 11, 2022
6 Oct 10, 2022
1 May 06, 2022
44 Nov 20, 2022
15 Nov 23, 2022
43 Dec 23, 2022
46 Nov 12, 2022
13 Oct 15, 2022
22 Nov 09, 2022
362 Nov 28, 2022
134 Dec 16, 2022
2 Jul 26, 2022
16 Mar 24, 2022
42 Aug 09, 2022
2 Mar 21, 2022
809 Dec 26, 2022
48 Jun 20, 2022