misc update
parent
46b16bcfa2
commit
34bba4e794
|
@ -4,7 +4,6 @@ info:
|
|||
name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS)
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/9815
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
|
||||
|
|
|
@ -9,15 +9,13 @@ info:
|
|||
- https://github.com/yumusb/CVE-2021-26295-POC
|
||||
- https://lists.apache.org/thread.html/r3c1802eaf34aa78a61b4e8e044c214bc94accbd28a11f3a276586a31%40%3Cuser.ofbiz.apache.org%3E
|
||||
- https://lists.apache.org/thread.html/r6e4579c4ebf7efeb462962e359501c6ca4045687f12212551df2d607@%3Cnotifications.ofbiz.apache.org%3E
|
||||
|
||||
# Note:- This is detection template, To perform deserializes do as below
|
||||
# java.exe -jar .\ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn/ > mad.ot
|
||||
# `cat mad.ot | hex` and replace in <cus-obj> along with the url in std-String value
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.80
|
||||
cve-id: CVE-2021-26295
|
||||
cwe-id: CWE-502
|
||||
additional-fileds:
|
||||
ysoserial-payload: 'java -jar ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn | hex'
|
||||
|
||||
requests:
|
||||
- raw:
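Review bot: The key `additional-fileds` under `info:` looks like a misspelling of `additional-fields`; anything that looks the block up by name would silently skip it, so I would rename it to `additional-fields:`. The +/- markers are lost on this page, so I am assuming this key and its `ysoserial-payload` line are the added side that replaces the `# Note:-` comment lines. The payload string also hard-codes a one-off callback host, `t53lq9.dnslog.cn`, on a third-party DNS logging service. A labelled placeholder such as `http://<your-oob-host>/` would keep readers from sending lookups to a domain the project does not control. The `info:` block starts above this hunk and `requests:` continues below it.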
|
||||
|
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: madrobot
|
||||
severity: high
|
||||
tags: wordpress,rce,ssrf
|
||||
reference:
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/49327
|
||||
- https://wpscan.com/vulnerability/10417
|
||||
|
||||
|
|