inurl:"/wp-content/plugins/123ContactForm

  • 日期:2021-06-01
  • 类别:
  • 作者:Rutvik Jaini
  • 语法:inurl:"/wp-content/plugins/123ContactForm
  • # Dork: inurl:"/wp-content/plugins/123ContactForm"

    #Author: Rutvik Jaini

    #references: https://wpscan.com/vulnerability/ce716e4f-60f8-42e3-8891-a38e7948b970

    Critical Vulnerabilities in 123contactform-for-wordpress WordPress Plugin

    DescriptionThe cfp-connect AJAX call uses user input controlled data to
    perform the signature verification, attackers could craft these values
    ($message, $signature, $cf_pub_key) to bypass the validation mechanisms and
    inject their own public_key into the database.

    POC: