GhostSecCanada

BILL GATES TERRAPOWER ADMIN LOGIN EXPLOIT

Nov 3rd, 2020
Bill Gates is co-founder of Microsoft, co-chair of the Bill & Melinda Gates Foundation, and founder and chairman of TerraPower. In 1975, Gates founded Microsoft with Paul Allen, and led the company to become the worldwide leader in business and personal software and services.

https://www.terrapower.com

https://www.terrapower.com/wp-admin/css/login.min.css?ver=5.4.2

WordPress 5.4.x < 5.4.2 Multiple Vulnerabilities
MEDIUM Web Application Scanning Plugin ID 112479

Synopsis
WordPress 5.4.x < 5.4.2 Multiple Vulnerabilities

Description
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:

- A cross-site scripting (XSS) vulnerability exists in the block editor.
- A cross-site scripting (XSS) vulnerability exists in media files.
- An open redirect vulnerability exists in wp_validate_redirect().
- A cross-site scripting (XSS) vulnerability exists in theme uploads.
- A privilege escalation vulnerability exists in set-screen-option.
- An authorization bypass vulnerability exists in password-protected posts and pages.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution
Update to WordPress version 5.4.2 or latest.

See Also
https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
https://wordpress.org/support/wordpress-version/version-5-4-2/

Plugin Details
Severity: Medium
ID: 112479
Type: remote
Family: Component Vulnerability
Published: 2020/06/26
Updated: 2020/06/26

Risk Information
Risk Factor: Medium

CVSS v2.0
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3.0
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerability Information
CPE: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Exploit Available: true
Patch Publication Date: 2020/06/10
Vulnerability Publication Date: 2020/06/10

Reference Information
CWE: 79, 284, 601
WASC: Cross-Site Scripting, Insufficient Authorization, URL Redirector Abuse
OWASP: 2010-A10, 2010-A2, 2010-A4, 2010-A8, 2013-A10, 2013-A3, 2013-A4, 2013-A7, 2013-A9, 2017-A5, 2017-A7, 2017-A9
OWASP_API: 2019-API7

#EyePhuckBitches