Content Spoofing @ https://irclogs.wordpress.org/
Low
WordPress
Reported by
hackerwahab
Vulnerability Details
Technical details and impact analysis
Hello,
Greetings,
Today I was free, so I decided to pentest WordPress, and I found a subdomain which is vulnerable to plain-text content spoofing.
PoC:
URL:
https://irclogs.wordpress.org/chanlog.php?channel=wordpress&day=[Message Goes Here]&sort=asca
Example:
https://irclogs.wordpress.org/chanlog.php?channel=wordpress&day=today%20is%20not%20found%20because%20Wordpress%20Is%20Currently%20Down%20Kindly%20Visit%20Phishing.com%20and%20Login%20with%20Your%20Account%20For%20Further%20Details.%20Regards,%20Wordpress%20Team.&sort=asca
Thanks,
Abdulwahab Khan,
Independent Cyber Security Researcher
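
A server-side check that closes this class of issue for the `day` parameter, as an added example that is not part of the original report and not the code behind chanlog.php: the value is accepted only if it is a real calendar date, and the error text is a fixed string that never echoes the request. The function names and the YYYY-MM-DD format are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical handler logic, not the code behind chanlog.php.
// Assumption: a valid `day` value is a calendar date written as YYYY-MM-DD.

/**
 * Return the date as a canonical YYYY-MM-DD string, or null if the input is
 * not a real calendar date in exactly that form.
 */
function parse_day(mixed $raw): ?string
{
    // ?day[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($raw) || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw)) {
        return null;
    }
    [$y, $m, $d] = array_map('intval', explode('-', $raw));
    // checkdate() rejects well-shaped but impossible dates such as 2024-02-30.
    return checkdate($m, $d, $y) ? sprintf('%04d-%02d-%02d', $y, $m, $d) : null;
}

/**
 * Build [status, body]. The error branch is a fixed string, so nothing the
 * visitor typed into the URL can appear in the page.
 */
function render_day_message(mixed $rawDay): array
{
    $day = parse_day($rawDay);
    if ($day === null) {
        return [400, 'Invalid date. Use the form YYYY-MM-DD.'];
    }
    // $day can only contain digits and hyphens here; escaping is kept as
    // defence in depth in case the validation is ever loosened.
    return [200, 'Log for ' . htmlspecialchars($day, ENT_QUOTES, 'UTF-8')];
}

// Constructed sample inputs, including free text of the kind used in the report.
$samples = [
    '2015-03-01',
    '2024-02-30',
    'today is not found because Wordpress Is Currently Down',
    ['nested'],
];
foreach ($samples as $s) {
    [$status, $body] = render_day_message($s);
    printf("%d %s\n", $status, $body);
}
```

Only the first sample yields a 200 response; the other three return the same fixed 400 message regardless of their content.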
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Access Control - Generic