Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mhelwig/wp-webshell-xss
A simple wordpress webshell injector
https://github.com/mhelwig/wp-webshell-xss
Last synced: about 2 months ago
JSON representation
A simple wordpress webshell injector
- Host: GitHub
- URL: https://github.com/mhelwig/wp-webshell-xss
- Owner: mhelwig
- Created: 2016-04-25T15:52:06.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2016-04-25T16:03:19.000Z (over 8 years ago)
- Last Synced: 2024-06-26T06:34:46.983Z (3 months ago)
- Language: JavaScript
- Size: 1000 Bytes
- Stars: 4
- Watchers: 4
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-webshell - **3**星
README
# wp-webshell-xss
A simple wordpress webshell injector
This is an attack script to insert a simple webshell in a file of the wordpress plugin "Event Register" by making use of the Wordpress Plugin Editor feature.
It can be injected via a persistent XSS in the attendee's list.
Probably also useful with other persistent XSS vulnerabilities, though you would have to adapt the URLs to inject into another file.