DB: 2021-09-09

1 changes to exploits/shellcodes

WordPress Plugin TablePress 1.14 - CSV Injection

exploits/php/webapps/50270.txt

@@ -0,0 +1,22 @@
+# Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection
+# Date: 07/09/2021
+# Exploit Author: Nikhil Kapoor
+# Vendor Homepage:
+# Software Link: https://wordpress.org/plugins/tablepress/
+# Version: 1.14
+# Category: Web Application
+# Tested on Windows
+
+How to Reproduce this Vulnerability:
+
+1. Install WordPress 5.8.0
+2. Install and activate TablePress
+3. Navigate to TablePress >> Add New >> Enter Table Name and Description (If You want this is Optional) >> Select Number of Rows and Columns
+4. Click on Add Table
+5. Now in Table Content Input Field Enter CSV Injection Payload
+6. Click on Save Changes
+6. Now go to All Table in TablePress select our entered table >> Click on Export >> Select CSV as an Export Format.
+7. Click on Download Export File
+8. Open the exported CSV file you will see that CSV Injection got Successfully Executed.
+
+Payload Used :- @SUM(1+9)*cmd|' /C calc'!A0

files_exploits.csv

@@ -44392,3 +44392,4 @@ id,file,description,date,author,type,platform,port
 50267,exploits/multiple/webapps/50267.txt,"Antminer Monitor 0.5.0 - Authentication Bypass",1970-01-01,Vulnz,webapps,multiple,
 50268,exploits/php/webapps/50268.txt,"WordPress Plugin WP Sitemap Page 1.6.4 - Stored Cross-Site Scripting (XSS)",1970-01-01,"Nikhil Kapoor",webapps,php,
 50269,exploits/php/webapps/50269.py,"WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection (2)",1970-01-01,"Mohin Paramasivam",webapps,php,
+50270,exploits/php/webapps/50270.txt,"WordPress Plugin TablePress 1.14 - CSV Injection",1970-01-01,"Nikhil Kapoor",webapps,php,