qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/WordPress-WP-Live-Chat-Supp...

128 lines
5.5 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "WordPress WP Live Chat Support Pro Plugin < 8.0.26 Arbitrary File Upload Vulnerability",
"Description": "<p>WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WP Live Chat Support Pro plugin is one of the live chat plugins used in it.</p><p>A code issue vulnerability exists in the WordPress WP Live Chat Support Pro plugin 8.0.26 and earlier. The vulnerability arises from an improper design or implementation problem in the code development process of the network system or product.</p>",
"Product": "wp-live-chat-support",
"Homepage": "https://wordpress.org/plugins/wp-live-chat-support/",
"DisclosureDate": "2019-05-07",
"Author": "sharecast",
"FofaQuery": "body=\"/wp-content/plugins/wp-live-chat-support/\" || app=\"WordPress\"",
"GobyQuery": "body=\"/wp-content/plugins/wp-live-chat-support/\" || app=\"WordPress\"",
"Level": "3",
"Impact": "<p>Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.<br></p>",
"Recommendation": "<p>At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch:</p><p><a href=\"https://wordpress.org/plugins/wp-live-chat-support/#developers\">https://wordpress.org/plugins/wp-live-chat-support/#developers</a></p>",
"References": [
"https://wpscan.com/vulnerability/9320"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"File Upload"
],
"VulType": [
"File Upload"
],
"CVEIDs": [
"CVE-2019-11185"
],
"CNNVD": [
"CNNVD-201906-033"
],
"CNVD": [
""
],
"CVSSScore": "9.8",
"Translation": {
"CN": {
"Name": "WordPress WP Live Chat Support Pro插件 < 8.0.26 任意文件上传漏洞",
"Product": "wp-live-chat-support",
"Description": "<p>WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WP Live Chat Support Pro plugin是使用在其中的一个实时聊天插件。</p><p>WordPress WP Live Chat Support Pro插件8.0.26及之前版本中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。</p>",
"Recommendation": "<p><span style=\"color: var(--primaryFont-color);\">目前厂商已发布升级补丁以修复漏洞,补丁获取链接:</span><br><a href=\"https://codecanyon.net/item/fancy-product-designer-woocommercewordpress/6318393\"></a></p><p><a href=\"https://wordpress.org/plugins/wp-live-chat-support/#developers\">https://wordpress.org/plugins/wp-live-chat-support/#developers</a></p>",
"Impact": "<p>攻击者可通过该漏洞在服务器端任意执行代码写入后门获取服务器权限进而控制整个web服务器。<br></p>",
"VulType": [
"⽂件上传"
],
"Tags": [
"⽂件上传"
]
},
"EN": {
"Name": "WordPress WP Live Chat Support Pro Plugin < 8.0.26 Arbitrary File Upload Vulnerability",
"Product": "wp-live-chat-support",
"Description": "<p>WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WP Live Chat Support Pro plugin is one of the live chat plugins used in it.</p><p>A code issue vulnerability exists in the WordPress WP Live Chat Support Pro plugin 8.0.26 and earlier. The vulnerability arises from an improper design or implementation problem in the code development process of the network system or product.</p>",
"Recommendation": "<p>At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch:</p><p><a href=\"https://wordpress.org/plugins/wp-live-chat-support/#developers\">https://wordpress.org/plugins/wp-live-chat-support/#developers</a></p>",
"Impact": "<p>Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.<br></p>",
"VulType": [
"File Upload"
],
"Tags": [
"File Upload"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}
Reference in New Issue View Git Blame Copy Permalink