WordPress plugin slideoptinprox cross-site scripting vulnerability

admin posted on 2015-01-10 08:53
Exploit Title: Wordpress...
Tags: wordpress xss

WordPress Shopping Cart 3.0.4 Unrestricted File Upload

admin posted on 2015-01-10 08:52
# Exploit Title: WordPress Shopping Cart 3.0.4 Unrestricted File Upload # Date: 29-10-2014 # Software Link: https://wordpress.org/plugins/wp-easycart/ # Exploit Author...

WordPress WP-EMail 2.64 cross-site scripting

admin posted on 2015-01-06 02:39
Exploit Title : Wordpress WP-EMail 2.64 Cross Site Scripting Exploit Author : Ashiyane Digital Security Team Vendor Homepage : https://wordpress.org/plugin...
Tags: wordpress

WordPress Frontend Uploader plugin reflected XSS

admin posted on 2014-12-29 06:26
Software Link: https://wordpress.org/plugins/frontend-uploader/ Exploit : http://TARGET/[forntEndUploaderPage]=59&errors[fu-disallowed-mime-type][0][name]=XSS...
Tags: wordpress xss

WordPress <= v4.0 Denial of Service Exploit

admin posted on 2014-12-06 08:58
<?php echo "\nCVE-2014-9034 | WordPress <= v4.0 Denial of Service Vulnerability\n"; echo "Proof-of-Concept developed by john@secureli.com (http://secureli.com)\n\n"; echo "u...
Tags: wordpress

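WordPress 3.0-3.9.2 XSS vulnerability (fully automated exploitation tool)

admin posted on 2014-12-04 10:34
What wp-exp.js does: it reads each line of a txt file and requests it, then parses the article URL from the response; if the URL is not the default one, it reads it from the RSS feed instead. Once it has the article URL, it automatically obtains the form and submits the XSS code. The XSS code can cover 80 percent of the page content, giving a larger trigger area: After the program runs: After the XSS is triggered: ...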

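Cross-site scripting vulnerability in WordPress versions below 4.0

admin posted on 2014-11-27 12:43
Vulnerability analysis: The problem lies in WordPress comments. Comments normally allow some HTML tags, such as <a>, <B>, <code> and so on, but only certain attributes of those tags are on the whitelist. For example, the <a> tag allows the href attribute, but the onmouseover attribute is not allowed. However, in a string formatting function wptext...
Tags: wordpress xss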

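More than 160,000 WordPress sites used for DDoS attacks

admin posted on 2014-03-18 13:11
Any WordPress site with Pingback enabled (it is enabled by default) can be used to carry out DDoS attacks against other servers. See the following log: 74.86.132.186 - - [09/Mar/2014:11:05:27 -0400] "GET /?4137049=6431829 HTTP/1.0" 403 0 "-" "WordPress/3.8; htt...
Tags: wordpress ddos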