XML External Entity Via MP3 File Upload On WordPress
Posted by deepcore on June 16, 2021 – 10:41 pm
This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.
Post a reply
You must be logged in to post a comment.