# Exploit Title: WordPress - Beer Recipes v.1.0 XSS
# Google Dork: -
# Date: June / 25 / 2011
# Author: TheUzuki.'
# Software Link: http://opensourcebrew.org/beer-recipes-plugin/
# Version: v.1.0
# Tested on: Windows 7
# CVE : -
####################################################################
# SIESTTA 2.0 (LFI/XSS) Multiple Vulnerabilities
# download: http://opensourcebrew.org/beer-recipes-plugin/
#
# Author: TheUzuki.' from HF
# mail: uzuki[@]live[dot]de
#
#
# This was written for educational purposes. Use it at your own risk.
# The author will not be responsible for any damage.
#
####################################################################
#
# Notes: You need to be a user on the WordPress board
#
####################################################################

--Description of WordPress Plugin--
Creates a custom post type for easily entering beer recipes into WordPress

--Exploit--
By commenting on a beer recipe with JavaScript in the comment text, the
JavaScript gets executed directly. This causes an XSS.

--PoC--
<script>alert(document.cookie)</script>
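
--Mitigation example--
Added example, not part of the original advisory and not the plugin's own code: the output-encoding fix for this class of bug, shown beside the vulnerable pattern. The function names and sample comments are hypothetical; the second comment is the PoC string above.

```php
<?php
// Added example: hypothetical comment renderer, not the Beer Recipes plugin's code.

// Constructed sample comments; the second is the PoC string from the advisory.
$comments = [
    ['author' => 'alice', 'text' => 'Great stout, brewed it twice.'],
    ['author' => 'bob',   'text' => '<script>alert(document.cookie)</script>'],
];

// Vulnerable pattern: stored comment text is written into the page as-is,
// so the browser parses it as markup and runs the script.
function render_comment_unsafe(array $c): string {
    return '<li><b>' . $c['author'] . '</b>: ' . $c['text'] . '</li>';
}

// Hardened pattern: encode on output for the HTML body context.
// Inside WordPress the equivalent helper is esc_html().
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comment_safe(array $c): string {
    return '<li><b>' . h($c['author']) . '</b>: ' . h($c['text']) . '</li>';
}

foreach ($comments as $c) {
    echo 'unsafe: ', render_comment_unsafe($c), PHP_EOL;
    echo 'safe:   ', render_comment_safe($c), PHP_EOL;

    // Regression check a plugin test suite could keep:
    // no raw <script> tag may survive the encoded render path.
    if (stripos(render_comment_safe($c), '<script') !== false) {
        throw new RuntimeException('unescaped markup in comment output');
    }
}
```

Every field that originates from a user, the author name as well as the comment text, goes through the same encoder at the point of output.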