inurl:"/wp-content/plugins/123ContactForm

SHDB
1092 阅读

日期：2021-06-01
类别：
- Advisories and Vulnerabilities
作者：Rutvik Jaini
语法：inurl:"/wp-content/plugins/123ContactForm
# Dork: inurl:"/wp-content/plugins/123ContactForm"

#Author: Rutvik Jaini

#references: https://wpscan.com/vulnerability/ce716e4f-60f8-42e3-8891-a38e7948b970

https://blog.sucuri.net/2021/01/critical-vulnerabilities-in-123contactform-for-wordpress-wordpress-plugin.html

DescriptionThe cfp-connect AJAX call uses user input controlled data to
perform the signature verification, attackers could craft these values
($message, $signature, $cf_pub_key) to bypass the validation mechanisms and
inject their own public_key into the database.

POC:

更多Hacking Darks
热门推荐