⌘Ctrlk

Wordpress

User enumeration

wpscan --enumeration u --url <url>
curl -s -X GET "http://<url>/wp-json/wp/v2/users/"

RCE via edit themes

Una vez logeados en el wp-admin, nos vamos a themes->theme editor->

404.php

Y generar un 404 error modificando la url:

Modificar el header.php

PreviousPort 80/443 - HTTP/HTTPS NextCMS Made Simple (CMSMS)

Last updated 2 years ago