
13 changes to exploits/shellcodes/ghdb

TELSAT marKoni FM Transmitter 1.9.5 - Backdoor Account Information Disclosure
TELSAT marKoni FM Transmitter 1.9.5 - Insecure Access Control Change Password
TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection
Atlassian Confluence < 8.5.3 - Remote Code Execution
Backdrop CMS 1.23.0 - Stored XSS
Gibbon LMS < v26.0.00 - Authenticated RCE
Quick.CMS 6.7 - SQL Injection Login Bypass
TYPO3 11.5.24 - Path Traversal (Authenticated)
WEBIGniter v28.7.23 - Stored XSS
WordPress File Upload Plugin < 4.23.3 - Stored XSS
xbtitFM 4.1.18 - Multiple Vulnerabilities
ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE
Exploit Title: WordPress File Upload < 4.23.3 Stored XSS (CVE 2023-4811)
Date: 18 December 2023
Exploit Author: Faiyaz Ahmad
Vendor Homepage: https://wordpress.com/
Version: 4.23.3
CVE : CVE 2023-4811

Proof Of Concept:

1. Log in to the WordPress account

2. Add the following shortcode to a post in "File Upload Plugin":

[wordpress_file_upload redirect="true" redirectlink="*javascript:alert(1)*"]

3. Upload any file on the resulting post.
4. After the upload completes, you will see the XSS alert in the browser.
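
Added example, not part of the original entry and not the plugin's own code: a Node.js audit that scans stored post content for wordpress_file_upload shortcodes whose redirectlink is not an absolute http(s) URL, which is the condition the PoC relies on. The function names, the sample posts and the "absolute http(s) only" policy are assumptions made for this illustration.

```javascript
// Added example (not the plugin's code). Assumed policy: redirectlink must be
// an absolute http(s) URL; anything else is reported for review.
const ALLOWED = new Set(["http:", "https:"]);

// Return the normalised URL if `link` is an absolute http(s) URL, else null.
// The WHATWG parser lower-cases the scheme and strips leading whitespace and
// embedded tabs/newlines, so obfuscated spellings are classified as a browser would.
function checkRedirectLink(link) {
  let url;
  try {
    url = new URL(link); // no base given: relative or malformed values throw
  } catch {
    return null;
  }
  return ALLOWED.has(url.protocol) ? url.href : null;
}

// Extract key="value" / key='value' pairs from a shortcode's attribute text.
function parseAttrs(text) {
  const attrs = {};
  for (const m of text.matchAll(/([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3];
  }
  return attrs;
}

// Report every wordpress_file_upload shortcode whose redirectlink fails the check.
function auditContent(content) {
  const findings = [];
  for (const m of content.matchAll(/\[wordpress_file_upload\b([^\]]*)\]/gi)) {
    const attrs = parseAttrs(m[1]);
    if ("redirectlink" in attrs && checkRedirectLink(attrs.redirectlink) === null) {
      findings.push({ shortcode: m[0], redirectlink: attrs.redirectlink });
    }
  }
  return findings;
}

// Constructed sample post bodies; the first shortcode is the one from the PoC.
const SAMPLE_POSTS = [
  '[wordpress_file_upload redirect="true" redirectlink="*javascript:alert(1)*"]',
  "[wordpress_file_upload redirect='true' redirectlink=' JaVaScRiPt:alert(1)']",
  '[wordpress_file_upload redirect="true" redirectlink="https://example.com/thanks"]',
  "[wordpress_file_upload]",
];
for (const post of SAMPLE_POSTS) console.log(auditContent(post));
```

Findings are candidates for review, not proof of exploitation: a site that legitimately uses relative redirect paths would need the policy relaxed to resolve them against its own origin before checking the scheme.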