New idea
A couple of days ago, I read in an article about attacks on freshly installed WordPress instances. Here is the original article: https://www.wordfence.com/blog/2017/07/wpsetup-attack/, it is a pretty good read. So, the idea is to hit a WordPress site that is a…
3 Posts
All posts tagged RCE
After looking at Visual Composer and LayerSlider on CodeCanyon.net, the next item in the popular section is the Ultimate Addons for Visual Composer developed by BrainstormForce. I started looking for the low-hanging fruit like $_GET, $_POST, $_COOKIE, admin_init, wp_ajax, etc., and the search for wp_ajax…
The Real Estate 7 version 2.5.6 suffers from an arbitrary file upload vulnerability. This means that any authenticated user can upload any type of file, even executable ones like PHP. An authenticated user can have any role: editor, subscriber, customer, etc. It does not matter and we will…