reneoliveirajr/wp_CVE-2020-35489_checker

wp_CVE-2020-35489_checker

CVE-2020-35489 - Introduction

The wp_CVE-2020-35489_checker is a Python command-line tool designed to check if a WordPress website is vulnerable to CVE-2020-35489. This particular vulnerability stems from a security flaw in the WordPress Contact Form 7 plugin versions before 5.3.2. It enables unauthenticated attackers to upload malicious scripts via form fields, due to insufficient input validation and sanitization, potentially leading to remote code execution on the affected site.

Legal Warning

This script, "wp_CVE-2020-35489_checker", is provided solely for educational and ethical purposes. It is designed to help website administrators, security researchers, and cybersecurity professionals assess whether WordPress websites are vulnerable to the CVE-2020-35489 vulnerability.

By using this script, you agree to the following conditions:

  1. Educational Use Only: The primary intent of this script is to promote awareness and understanding of cybersecurity vulnerabilities. It should be used strictly in a controlled, educational, or testing environment.

  2. Consent and Authorization: You must have explicit authorization or own the website(s) you are testing with this script. Using this script on any website without proper authorization is unethical and may be illegal in your jurisdiction.

  3. No Malicious Intent: This script should not be used for any illegal or unethical activities such as unauthorized accessing, damaging, or exploiting of websites and their data.

  4. Legal Compliance: Users are responsible for ensuring their use of the script is in compliance with all relevant laws and regulations in their jurisdiction, including but not limited to data protection, privacy, and cybersecurity laws.

  5. Liability Disclaimer: The creators and contributors of the wp_CVE-2020-35489_checker will not be held liable for any misuse of the script, nor for any damage, loss, or legal consequences resulting from such misuse.

By downloading, copying, or using this script, you acknowledge and agree that you understand these conditions and will use the tool responsibly. Misuse of this tool is strictly against its intended purpose and could result in legal action.

How to use this tool

Install the necessary dependencies

python -m pip install aiofiles aiohttp packaging

Run the script

python cve_2020_35489_checker.py -h
usage: cve_2020_35489_checker.py [-h] [-d DOMAIN] [-i INPUT_FILE] [-o OUTPUT_FILE]

Checks if a WordPress website is vulnerable to CVE-2020-35489.

options:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Check a single site (Example: python cve_2020_35489_checker.py -d example.com)
  -i INPUT_FILE, --input-file INPUT_FILE
                        Check multiple sites from a text file (Example: python cve_2020_35489_checker.py -i list.txt -o vulnerable.txt)
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        Output file for the list of vulnerable sites
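The core of a check like this is deciding, from a version string, whether an installed Contact Form 7 falls below the fixed release named in the introduction (5.3.2). The following is an added, stand-alone illustration of that decision written for this page; it is not the project's own code (which uses aiohttp and packaging for network fetching and version comparison). It uses only the standard library, takes the version from the "Stable tag" line of a plugin's readme.txt, and the readme contents below are constructed samples, not real fetched data.

```python
import re
from typing import Optional, Tuple

# First Contact Form 7 release that contains the fix for CVE-2020-35489
# (version boundary taken from the README above; everything else in this
# file is an added illustration, not the project's code).
FIXED_VERSION = "5.3.2"

# Constructed samples of the header a WordPress plugin readme.txt usually starts with.
SAMPLE_README_OLD = """=== Contact Form 7 ===
Contributors: takayukister
Tags: contact, form
Stable tag: 5.3.1
"""

SAMPLE_README_PATCHED = """=== Contact Form 7 ===
Stable tag: 5.3.2
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '5.3.1' into (5, 3, 1); a non-numeric component ends the tuple."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"(\d+)", piece)
        if not m:
            break
        parts.append(int(m.group(1)))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def stable_tag(readme_text: str) -> Optional[str]:
    """Extract the 'Stable tag' value from a plugin readme.txt, or None if absent."""
    m = re.search(r"^Stable tag:\s*(\S+)", readme_text, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def is_vulnerable_version(version: str) -> bool:
    """True when the version is strictly older than the fixed release.

    Tuple comparison handles short tags correctly: (5, 3) < (5, 3, 2).
    """
    return parse_version(version) < parse_version(FIXED_VERSION)


def assess(readme_text: str) -> str:
    """Classify a readme.txt as 'vulnerable', 'patched' or 'unknown'.

    'unknown' covers a missing Stable tag and tags such as 'trunk' that carry
    no version number; a scanner should report those rather than guess.
    """
    tag = stable_tag(readme_text)
    if tag is None:
        return "unknown"
    try:
        return "vulnerable" if is_vulnerable_version(tag) else "patched"
    except ValueError:
        return "unknown"


if __name__ == "__main__":
    for label, text in (("old", SAMPLE_README_OLD), ("patched", SAMPLE_README_PATCHED)):
        print(f"{label}: Stable tag {stable_tag(text)} -> {assess(text)}")
```

A readme.txt Stable tag is only an indicator: it can lag the files actually deployed, and a site may hide the plugin directory entirely, so treat "vulnerable" from this check as a prompt to confirm the installed plugin version on the server and update, and treat "unknown" as "not assessed", never as "safe".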

Realization / Insight

On that occasion (12/17/2020), it was estimated that approximately 5 million websites were affected. How many are still affected?

For fun (or scientific research) - Google Dork

inurl:/wp-content/plugins/contact-form-7/

References about the vulnerability

Beta Executable for Windows

Download: Release v1.0-Beta1 - Download
Discussion: Release v1.0-Beta1 - Discussion

File Name: wp_CVE-2020-35489_checker_v1.0-beta.1.exe
CRC-32: 23d09689
SHA-1: 057764d27bcbc51d4b115aa94df69dd35776c265
SHA-256: 00ad875be0e475ce79cb8fcbc18c5df6caae9157544e9fe07ab5ed265f609d8d
SHA-512: 8b640cea240e12039b7685965c8dc55a01ae92421c9052c08272f6eaf3e9c5c2015ee12f5bd52bbe331c65563399cc9f2ebd3e71dadb1c8875e600a34cd493e2


Always continuously improving...

Contributions

We are open to code contributions! If you know how to reduce the lines of code, improve performance, or add a feature that aligns with the program's objective, bring it on!

Support

For bug reports or feature requests, please open an issue on our GitHub repository. When reporting a bug, try to include as much detail as possible - for example, steps to reproduce the bug, the operating system you're using, and so on.

If you have a question that isn't answered in our documentation, you can also open an issue and we'll do our best to assist.


About

WordPress Sites Vulnerability Checker for CVE-2020-35489 - "Educational Use Only"
