Showing 1 - 2 of 2

Files from Nex Team

First Active	2023-12-12
Last Active	2024-01-18

WordPress Backup Migration 1.3.7 Remote Command Execution: Posted Jan 18, 2024; Authored by jheysel-r7, Valentin Lobstein, Nex Team | Site metasploit.com; This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint. The exploit makes use of a neat technique called PHP Filter Chaining which allows an attacker to prepend bytes to a string by continuously chaining character encoding conversions. This allows an attacker to prepend a PHP payload to a string which gets evaluated by a require statement, which results in command execution.; tags | exploit, remote, php; advisories | CVE-2023-6553; SHA-256 | 1feecca12306422ebe993c3821d87be77ad3056e719f9dcbae7c033f156e447f; Download | Favorite | View

WordPress Backup Migration 1.3.7 Remote Code Execution: Posted Dec 12, 2023; Authored by Nex Team | Site wordfence.com; WordPress Backup Migration plugin versions 1.3.7 and below suffer from a remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2023-6553; SHA-256 | 203e34e920d3b9a7fe4d03e187ec4eba212c533383031415d2c9a09ba3f9606c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days