130 matches found

OSV
added 2022/12/14 9:15 a.m., 3 views

UBUNTU-CVE-2022-3590

WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden...

5.9 CVSS, 6.3 AI score, 0.0315 EPSS
Exploits 5, References 4
Debian CVE
added 2022/12/14 8:33 a.m., 131 views

CVE-2022-3590

WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden...

5.9 CVSS, 5.9 AI score, 0.0315 EPSS
Exploits 5
CNNVD
added 2022/12/14 12:0 a.m., 31 views

WordPress Code Issue Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress suffers from a code issue vulnerability that stems from unauthenticated server-side request forgery ...

5.9 CVSS, 6.1 AI score, 0.0315 EPSS
Exploits 5, References 3
Positive Technologies
added 2022/12/14 12:0 a.m., 8 views

PT-2022-23007

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 6.1.1; WordPress versions 4.1. Description: The issue is related to an unauthenticated blind SSRF in the pingback feature of WordPress. This occurs due to a TOCTOU (Time-of-Check-to-Time-of-Use) race condition between th...

5.9 CVSS, 5.8 AI score, 0.0315 EPSS
Exploits 5, References 22
WPVulnDB
added 2022/12/13 12:0 a.m., 570 views

WP <= 6.2 - Unauthenticated Blind SSRF via DNS Rebinding

Description WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. PoC...

5.9 CVSS, 5.7 AI score, 0.0315 EPSS
Exploits 5, References 1
OSSF Malicious Packages
added 2022/06/01 9:27 a.m., 3 views

Malicious code in @adam_baldwin/pingback (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f588b73737abec3fff361bbdc2e62cf8bd2969cbff8e191ce69b6bb349dfbcc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
OSV
added 2022/06/01 9:27 a.m., 6 views

MAL-2022-58 Malicious code in @adam_baldwin/pingback (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f588b73737abec3fff361bbdc2e62cf8bd2969cbff8e191ce69b6bb349dfbcc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
Metasploit
added 2022/05/11 5:43 p.m., 185 views

Powershell Exec, Windows x86 Pingback, Bind TCP Inline

Execute an x86 payload from a command via PowerShell. Open a socket and report UUID when a connection is received Windows x86 Module Options msf use payload/cmd/windows/powershell/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf...

7.2 AI score
Exploits 0
Metasploit
added 2022/05/11 5:43 p.m., 180 views

Powershell Exec, Windows x64 Pingback, Reverse TCP Inline

Execute an x64 payload from a command via PowerShell. Connect back to attacker and report UUID Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf...

7.2 AI score
Exploits 0
Hacker One
added 2022/01/25 7:33 a.m., 29 views

Acronis: [CVE-2021-44228] Arbitrary Code Execution on ng01-cloud.acronis.com

Vulnerability description not provided...

10 CVSS, 9.8 AI score, 0.99999 EPSS
Exploits 344
The Hacker News
added 2021/05/04 1:0 p.m., 287 views

New Pingback Malware Using ICMP Tunneling to Evade C&C Detection

Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems. Called 'Pingback,' the Windows malware leverages Internet Control Message Protocol ICMP tunneli...

1.1 AI score
Exploits 0
Hacker One
added 2020/07/14 11:16 p.m., 10 views

U.S. Dept Of Defense: Blind Stored XSS on the internal host - █████████████

The vulnerability was a blind stored XSS on an internal host. The payload was triggered from the endpoint https://███████████████/NSSI/controlcenterV2/index.htm?directlink&courses/classes/findstudent&&&&&&&& and was found in the Referer header. The vulnerable URL was not accessible from outside t...

5.9 AI score
Exploits 0
Metasploit
added 2019/07/26 12:42 a.m., 44 views

Windows x86 Pingback, Bind TCP Inline

Open a socket and report UUID when a connection is received Windows x86 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 314 include Msf::Payload::Windows include Msf::Payload::Sing...

7.3 AI score
Exploits 0
Metasploit
added 2019/07/26 12:42 a.m., 52 views

Python Pingback, Reverse TCP (via python)

Connects back to the attacker, sends a UUID, then terminates module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Python include Msf::Payload::Pingback include Msf::Payload::Pingback::Options def initializeinfo = supermergeinfoinfo, 'Name' = 'Python...

6.7 AI score
Exploits 0
Metasploit
added 2019/07/26 12:42 a.m., 33 views

Ruby Pingback, Bind TCP

Listens for a connection from the attacker, sends a UUID, then terminates module MetasploitModule CachedSize = 103 include Msf::Payload::Single include Msf::Payload::Ruby include Msf::Payload::Pingback include Msf::Payload::Pingback::Options def initializeinfo = supermergeinfoinfo, 'Name' = 'Ruby...

Exploits 0
Metasploit
added 2019/07/26 12:42 a.m., 55 views

Windows x86 Pingback, Reverse TCP Inline

Connect back to attacker and report UUID Windows x86 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 307 include Msf::Payload::Windows include Msf::Payload::Single include...

7.3 AI score
Exploits 0
Metasploit
added 2019/07/26 12:42 a.m., 38 views

Unix Command Shell, Pingback Bind TCP (via netcat)

Accept a connection, send a UUID, then exit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 103 include Msf::Payload::Single include Msf::Payload::Pingback include...

0.6 AI score
Exploits 0
Metasploit
added 2019/07/26 12:42 a.m., 49 views

Unix Command Shell, Pingback Reverse TCP (via netcat)

Creates a socket, send a UUID, then exit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 99 include Msf::Payload::Single include Msf::Payload::Pingback include...

7.3 AI score
Exploits 0
Metasploit
added 2019/07/26 12:42 a.m., 59 views

Linux x64 Pingback, Bind TCP Inline

Accept a connection from attacker and report UUID Linux x64 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 109 include Msf::Payload::Linux::X64::Prepends include...

7.3 AI score
Exploits 0
Metasploit
added 2019/07/26 12:42 a.m., 58 views

Python Pingback, Bind TCP (via python)

Listens for a connection from the attacker, sends a UUID, then terminates module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Python include Msf::Payload::Pingback include Msf::Payload::Pingback::Options def initializeinfo = supermergeinfoinfo, 'Name' ...

6.8 AI score
Exploits 0