Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-17451 PoC — WordPress WP Mailster插件跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-17451.yaml
Associated Vulnerability
Title:WordPress WP Mailster插件跨站脚本漏洞 (CVE-2017-17451)
Description:WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台,该平台支持在PHP和MySQL的服务器上架设个人博客网站。WP Mailster plugin是使用在其中的一个电子邮件插件。 WordPress WP Mailster插件1.5.5之前的版本中的unsubscribe handler存在跨站脚本漏洞。远程攻击者可通过向view/subscription/unsubscribe2.php文件发送‘mes’参数利用该漏洞在浏览器中执行脚本代码。
Description
WordPress Mailster 1.5.4 and before contains a cross-site scripting vulnerability in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
File Snapshot

 id: CVE-2017-17451

info:
  name: WordPress Mailster <=1.5.4 - Cross-Site Scripting
  author: daffai

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.