This is a Docker environment set up with multiple vulnerable WooCommerce plugins. @vinulium and I created it to practice writing exploits from vulnerability descriptions.
The environment contains the following vulnerabilities that can be exploited:
- PHP Object Injection Vulnerability in Booster for WooCommerce <= 3.0.1
- LFI in WOOF – Products Filter for WooCommerce <= 1.1.9
- XSS in WooCommerce Currency Switcher <= 1.1.5.1
- WooCommerce Checkout Manager Arbitrary File Upload
- LFI vulnerability in MailChimp for WooCommerce <= 2.1.1
- YITH WooCommerce Compare <= 2.0.9 – Unauthenticated PHP Object injection
- CVE-2018-20966: XSS in Booster for WooCommerce < 3.8.0
The WordPress installation is ready to be exploited; some of the plugins need further setup, as stated below. Each plugin needs to be activated before it can be exploited. It is better to keep only one plugin activated at a time, as otherwise there can be compatibility issues.