Automatic Mass Tool for check and exploiting vulnerability in CVE-2022-4061 - JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload
- Using GNU Parallel. You must have parallel for run this tool.
- If you found error like "$'\r': command not found" just do "dos2unix jbwper.sh"
- Linux :
apt-get install parallel -y - Windows : You can install WSL (windows subsystem linux) then do install like linux
if you want use windows (no wsl), install GitBash then do this command for install parallel:
[#]curl pi.dk/3/ > install.sh
[#]sha1sum install.sh | grep 12345678
[#]md5sum install.sh
[#]sha512sum install.sh
[#]bash install.sh
- Make sure you already install Parallel! Then do:
- [#]
git clone https://github.com/im-hanzou/JBWPer.git - [#]
cd JBWPer && chmod +x jbwper.sh - [#]
./jbwper.sh yourlist.txt thread
- https://nvd.nist.gov/vuln/detail/CVE-2022-4061
- https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665
- https://github.com/advisories/GHSA-3459-2j34-8x8g
- This tool is for educational purposes only. Use it responsibly and with proper authorization. The author is not responsible for any misuse.