关联漏洞
标题:WordPress plugin Popup Builder 信息泄露漏洞 (CVE-2023-5561)Description:WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Popup Builder 4.1.15 版本及之前版本存在信息泄露漏洞,该漏洞源于在将某些字段回显至页面之前,没有经过充分的转义和清理。
Description
Updated POC for Unauth Post Author Email Disclosures WordPress CVE-2023-5561
介绍
# CVE-2023-5561-POC-Updated
This repository contains a modified version of the original Proof-of-Concept (PoC) for CVE-2023-5561. The original PoC, which can be found <a href=https://github.com/pog007/CVE-2023-5561-PoC>here</a>, sends a high volume of requests in parallel, which may trigger Web Application Firewalls (WAFs) or cause the server to block the connection due to excessive traffic.
# Modification
- Added a 10-second delay between each request in the bruteforce_search function using time.sleep(10). This helps prevent the PoC from overwhelming the target server.
- The core functionality of the exploit remains unchanged, ensuring the PoC still works effectively while reducing the likelihood of detection and blocking.
# Usage
``` python3 poc.py <target site root url> ```
This version is useful for conducting responsible security assessments while minimizing the risk of being blocked due to aggressive request patterns.
文件快照
[4.0K] /data/pocs/379a126c1f0efbe051fdb7e455f30ad60739e97a
├── [2.5K] poc.py
└── [ 944] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。