Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-2287 PoC — WordPress Uploader插件‘blog’参数跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2013/CVE-2013-2287.yaml
Associated Vulnerability
Title:WordPress Uploader插件‘blog’参数跨站脚本漏洞 (CVE-2013-2287)
Description:WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台,该平台支持在PHP和MySQL的服务器上架设个人博客网站。Uploader是其中的一个上传插件。 WordPress Uploader插件1.0.4版本中的views/notify.php脚本存在跨站脚本漏洞。远程攻击者可借助notify或blog参数利用该漏洞注入任意Web脚本或HTML。
Description
Multiple cross-site scripting  vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
File Snapshot

 id: CVE-2013-2287

info:
  name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
  author: da

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.