WordPress Plugin Count Per Day 3.2.3 – Cross-Site Scripting

• Exploit Database
• 121 阅读

• 作者： Crim3R
  日期： 2012-08-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/20862/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44

  ###################################################################################   # Exploit Title: wordpress Count per Day Cross Site Scripting Vulnerability # # Google Dork:inurl:/wp-content/plugins/count-per-day # # Date: 08/24/2012 # # Author: Crim3R # # Version 3.2.3 # # Vendor Home : http://downloads.wordpress.org/plugin/count-per-day.3.2.3.zip # # Tested on: all # ###################################################################################   $ $Author will be not responsible for any damage. $ ###################################################################################   ======================================== first notes.php is not restricted to admin and anyone can access it directty by browser => an attacker can add notes witch   can be html codes => its Stored Xss goto WP-path/wp-content/plugins/count-per-day/notes.php in the notes section add html code and click Add D3M0 : http://www.christinedesavino.com/blog/wp-content/plugins/count-per-day   http://www.dhakadakshinghsc.com/wp-content/plugins/count-per-day/   www.watansport.net/ara/wp-content/plugins/count-per-day/     ===============Crim3R@Att.Net===========   $home = %00 thanks to :2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir