Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2012-4768 PoC — WordPress Download Monitor插件跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2012/CVE-2012-4768.yaml
Associated Vulnerability
Title:WordPress Download Monitor插件跨站脚本漏洞 (CVE-2012-4768)
Description:WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台,该平台支持在PHP和MySQL的服务器上架设个人博客网站。Download Monitor是其中的一个管理文件下载的插件。 WordPress Download Monitor插件3.3.5.7及之前版本中存在跨站脚本漏洞,该漏洞源于默认的URI没有充分过滤‘dlsearch’参数。远程攻击者可利用该漏洞注入任意Web脚本或HTML。
Description
A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.
File Snapshot

 id: CVE-2012-4768

info:
  name: WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting


...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.