|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
|[*] Exploit Title: Wordpress slideoptinprox Plugin Cross site scr...
# Exploit Title: WordPress Shopping Cart 3.0.4 Unrestricted File Upload
# Date: 29-10-2014
# Software Link: https://wordpress.org/plugins/wp-easycart/
# Exploit Author: Kacper Szurek
# Contact: http://twit...
######################
# Exploit Title : Wordpress WP-EMail 2.64 Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : https://wordpress.org/plugins/wp-email/
# Date : 2015-...
Software Link: https://wordpress.org/plugins/frontend-uploader/
Exploit :
http://TARGET/[forntEndUploaderPage]=59&errors[fu-disallowed-mime-type][0][name]=XSS
Example(p0c):
http://EXAMPLE/wordpr...
<?php
echo "\nCVE-2014-9034 | WordPress <= v4.0 Denial of Service Vulnerability\n";
echo "Proof-of-Concept developed by john@secureli.com (http://secureli.com)\n\n";
echo "usage: php wordpressed.php domain.com...
wp-exp.js功能:
读取txt中每一行的内容去请求,从返回中解析文章的url,如果不是默认的那么便从rss中读取。
读取出文章url后,自动获得表单,并提交xss代码。
xss代码能覆盖掉页面百分之80的内容,触发面积更大:
程序运行后:
触发XSS后:
运行环境:
node.js
...
漏洞分析
问题出在wordpress的留言处,通常情况下留言是允许一些html标签的,比
如<a>、<B>、<code>等等,然而标签中有一些属性是在白名单里的,比如<a>标签允许
href属性,但是onmouseover属性是不允许的。
但是在一个字符串格式化函数wptexturize()上出现了问题,这个函数会在每一个留言上执行,函数的功能是把当前的字...
任何开启了Pingback(默认就开启)的WordPress的站点可以被用来做DDOS攻击其它服务器。
看如下日志:
74.86.132.186 - - [09/Mar/2014:11:05:27 -0400] "GET /?4137049=6431829 HTTP/1.0" 403 0 "-" "WordPress/3.8; http://www.mtbgearreview.com" 121.127.254.2...
