Category: exploits

https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.1.7/libs/controllers/sfsi_buttons_controller.php#L877 https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.1.7/libs/controllers/sfsi_buttons_controller.php#L882 https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.1.7/libs/controllers/sfsi_buttons_controller.php#L884 https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.1.7/libs/controllers/sfsi_buttons_controller.php#L887 https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.1.7/libs/controllers/sfsi_iconsUpload_contol..

Proof of Concept: the following URL should yield the contents of /etc/passwd. The path parameter expects a GetText file but instead receives the payload, and the contents of that file can then be viewed under the source tab or via the file-view functionality selected by the action parameter. /wp-admin/admin.php?path=%2Fetc%2Fpasswd&bundle=twentynineteen&domain=twentynineteen&page=loco-theme&action..

1. Download csrf_wp-members.html. 2. Change the URL in the HTML file (FORM ACTION). 3. Submit the request. Video POC: https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMA_XXikw/view?usp=sharing HTML_FILE: https://drive.google.com/file/d/131SkyhmXfOZeZV8ph6Y8QOaSVG3WxvdZ/view?u..

Proof of Concept: http://jobcareer.chimpgroup.com/candidate/asdasdasdasdasd/ Register a new account on the demo website: http://jobcareer.chimpgroup.com/ , then go to the «Resume» profile tab: http://jobcareer.chimpgroup.com/candidate-dashboard/?profile_tab=resume . Some of the input fields are vulnerable to stored XSS injection due to inadequate XSS filtering. Press the «+ Add new» link and use your payload only in the text editor area and ..
