added CVE-2020-11738 #19

Open
wants to merge 1 commit into
base: main

amrutha-kalle

CVEX record for CVE-2020-11738, which is a vulnerable WordPress plugin that allows for directory traversal. The current iteration doesn't work because to set up the vulnerability the WordPress command line has to activate the plugin, but the Docker WordPress cli image is not running properly.

@@ -0,0 +1,5 @@
blueprint: ubuntu2204
Collaborator

Use the ubuntu2204-ubuntu2204 blueprint. Install WordPress on ubuntu1, copy the exploit to ubuntu2, run the exploit on ubuntu2 that would attack ubuntu1. Make sure that router_raw.pcap captures the network traffic. The goal is to get the traffic!


services:
wordpress:
image: wordpress:5.4.2-php7.2-apache
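
Review bot: the `image: wordpress:5.4.2-php7.2-apache` line pins the image by tag only, and a tag can be re-pushed with different contents. For a record that has to reproduce the same environment later, reference the image by digest (`wordpress@sha256:<digest>`) or record a checksum for the saved image archive so drift is detectable.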
Collaborator

Please download the Docker image and keep it in the data folder. Install it from the file.

- /tmp/wordpress-vuln/plugins:/var/www/html/wp-content/plugins

db:
image: mysql:5.7
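
Review bot: the bind mount `/tmp/wordpress-vuln/plugins:/var/www/html/wp-content/plugins` is where the vulnerable plugin enters the container, yet nothing in these lines fixes which plugin release ends up in that directory. The WordPress and MySQL images carry version tags; the plugin archive should be pinned the same way: name the exact version in the record and verify its checksum before unpacking, otherwise the record can silently pick up a patched build.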
Collaborator

Do we need mysql to be exactly 5.7? If so, download the Docker image and keep it in the data folder. Install it from the file.

register: compose_version

- name: Start Docker containers
command: docker compose up -d --build
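
Review bot: `docker compose up -d --build` returns as soon as the containers have been started, not when MySQL accepts connections or WordPress answers HTTP, so any task that follows and talks to the stack races against startup. Add a healthcheck to `db` and use `docker compose up -d --wait`, or follow this task with an explicit wait on the WordPress port, whichever module ends up running Compose.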
Collaborator

Use community.docker.docker_compose instead of shell commands

Collaborator

I tried to use community.docker.docker_compose_v2, but Verify plugin activation started to fail:

2025-01-08 15:09:25,066 - INFO - [ubuntu1] TASK [Verify plugin activation] ************************************************
2025-01-08 15:09:27,079 - INFO - [ubuntu1] fatal: [ubuntu1]: FAILED! => {"changed": true, "cmd": ["docker", "compose", "exec", "wp-cli", "wp", "plugin", "status", "duplicator", "--path=/var/www/html", "--allow-root"], "delta": "0:00:00.668878", "end": "2025-01-08 14:09:25.670000", "msg": "non-zero return code", "rc": 1, "start": "2025-01-08 14:09:25.001122", "stderr": "service \"wp-cli\" is not running", "stderr_lines": ["service \"wp-cli\" is not running"], "stdout": "", "stdout_lines": []}

wp-cli is not running, probably due to the entry point command ["sh", "-c"]. I tried to replace it with ["tail", "-f", "/dev/null"] to keep the container running forever, but that brings up another issue:

2025-01-09 11:46:29,091 - INFO - [ubuntu1] TASK [Verify plugin activation] ************************************************
2025-01-09 11:46:33,787 - INFO - [ubuntu1] fatal: [ubuntu1]: FAILED! => {"changed": true, "cmd": ["docker", "compose", "run", "wp-cli", "wp", "plugin", "status", "duplicator", "--path=/var/www/html", "--allow-root"], "delta": "0:00:02.992673", "end": "2025-01-09 10:46:32.016071", "msg": "non-zero return code", "rc": 1, "start": "2025-01-09 10:46:29.023398", "stderr": " Container wordpress-vuln-wordpress-1  Running\n Container wordpress-vuln-db-1  Running\ntail: unrecognized option: path=/var/www/html\nBusyBox v1.37.0 (2024-12-13 21:18:49 UTC) multi-call binary.\n\nUsage: tail [OPTIONS] [FILE]...\n\nPrint last 10 lines of FILEs (or stdin) to.\nWith more than one FILE, precede each with a filename header.\n\n\t-c [+]N[bkm]\tPrint last N bytes\n\t-n N[bkm]\tPrint last N lines\n\t-n +N[bkm]\tStart on Nth line and print the rest\n\t\t\t(b:*512 k:*1024 m:*1024^2)\n\t-q\t\tNever print headers\n\t-v\t\tAlways print headers\n\t-f\t\tPrint data as file grows\n\t-F\t\tSame as -f, but keep retrying\n\t-s SECONDS\tWait SECONDS between reads with -f", "stderr_lines": [" Container wordpress-vuln-wordpress-1  Running", " Container wordpress-vuln-db-1  Running", "tail: unrecognized option: path=/var/www/html", "BusyBox v1.37.0 (2024-12-13 21:18:49 UTC) multi-call binary.", "", "Usage: tail [OPTIONS] [FILE]...", "", "Print last 10 lines of FILEs (or stdin) to.", "With more than one FILE, precede each with a filename header.", "", "\t-c [+]N[bkm]\tPrint last N bytes", "\t-n N[bkm]\tPrint last N lines", "\t-n +N[bkm]\tStart on Nth line and print the rest", "\t\t\t(b:*512 k:*1024 m:*1024^2)", "\t-q\t\tNever print headers", "\t-v\t\tAlways print headers", "\t-f\t\tPrint data as file grows", "\t-F\t\tSame as -f, but keep retrying", "\t-s SECONDS\tWait SECONDS between reads with -f"], "stdout": "", "stdout_lines": []}
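
Both failures above come from how Compose assembles the container's argv: overriding `entrypoint` discards the image's default command, and arguments passed to `docker compose run` replace `command` but are appended to `entrypoint`. The fragment below is an added illustration, not code from this PR. It assumes the `wp-cli` service named in the logs uses the official `wordpress:cli` image and shares the `wordpress` service's files through `volumes_from`; both are assumptions.

```yaml
# Added illustration, not part of the PR. The image name and the volumes_from
# wiring are assumptions; service names and wp arguments come from the logs.
# Merge into the compose file that already defines `wordpress` and `db`.
services:
  wp-cli:
    image: wordpress:cli
    # Case 1 (first log): entrypoint ["sh", "-c"]
    #   The override clears the image's default command, so the container runs
    #   `sh -c` with no script, exits at once, and `docker compose exec`
    #   reports: service "wp-cli" is not running.
    # Case 2 (second log): entrypoint ["tail", "-f", "/dev/null"]
    #   `docker compose run wp-cli wp plugin status ...` appends its arguments
    #   to the entrypoint, giving `tail -f /dev/null wp plugin status ...`,
    #   hence: tail: unrecognized option: path=/var/www/html.
    # Fix: keep the image's entrypoint and put the idle loop in `command`.
    command: ["tail", "-f", "/dev/null"]
    volumes_from:
      - wordpress          # wp needs the same /var/www/html as the web container
    depends_on:
      - wordpress
      - db
```

With this in place, `docker compose exec wp-cli wp plugin status duplicator --path=/var/www/html --allow-root` runs `wp` inside the idling container instead of feeding its arguments to `tail`.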

path: /tmp/wordpress-vuln/plugins
state: directory

#- name: copy wordpress tar files
Collaborator

Please do not keep commented code like that
