# Author: Craw
# Email: craw@element7.eu
# Software Link: http://wordpress.org/extend/plugins/events-manager-extended/
# Version: 3.1.2
# Category: webapplications

=======================================================

[+] ExploiT [1] :

If you are allowed to leave a comment:

Persistent XSS Vulnerability:
You can inject Javascript Code in your comment.
The Code will be displayed below the event.

[+] ExploiT [2] :

If you are allowed to book an event:

Persistent XSS Vulnerability:
You can inject Javascript Code in [Name], [Email], [Phonenumber], [Comment]
The Code will be displayed in the WordPress Backend -> http://www.site.com/wp-admin/admin.php?page=events-manager-people

=======================================================
Greetz @ LUXEMBOURG
=======================================================
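
The fix for both issues is to encode stored values when they are written into a page. The following is an added example, not code from the advisory or from the plugin: the function names (h, render_row_unsafe, render_row_safe) and the booking record are hypothetical and constructed. In WordPress code, esc_html() and esc_attr() play the role of h().

```php
<?php
// Added example: hypothetical names, not code from the Events Manager Extended plugin.

// Constructed booking record, as it might be read back from storage after a
// visitor submitted markup in the booking form fields named in the advisory.
$booking = [
    'name'    => '<script>alert(1)</script>',
    'email'   => '"><script>alert(1)</script>',
    'phone'   => '<b>555</b>',
    'comment' => "first line\n<script>alert(1)</script>",
];

// Encode a value for an HTML text node or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern: stored values are concatenated into the admin page as-is,
// so any markup in them is interpreted by the administrator's browser.
function render_row_unsafe(array $b): string
{
    return "<tr><td>{$b['name']}</td><td>{$b['email']}</td>"
         . "<td>{$b['phone']}</td><td>{$b['comment']}</td></tr>";
}

// Hardened pattern: every stored value is encoded at output time.
function render_row_safe(array $b): string
{
    // Emit a mailto: link only for a syntactically valid address;
    // anything else is shown as encoded text.
    $email = filter_var($b['email'], FILTER_VALIDATE_EMAIL) !== false
        ? '<a href="mailto:' . h($b['email']) . '">' . h($b['email']) . '</a>'
        : h($b['email']);

    // Encode first, then convert newlines, so nl2br's <br /> is the only markup.
    return '<tr><td>' . h($b['name']) . '</td><td>' . $email . '</td>'
         . '<td>' . h($b['phone']) . '</td>'
         . '<td>' . nl2br(h($b['comment'])) . '</td></tr>';
}

$unsafe = render_row_unsafe($booking);
$safe   = render_row_safe($booking);

// Check whether a live <script> tag survives in each rendering.
echo 'unsafe row contains <script>: ', var_export(strpos($unsafe, '<script>') !== false, true), "\n";
echo 'safe row contains <script>:   ', var_export(strpos($safe, '<script>') !== false, true), "\n";
```

The same encoding applies to the comment shown below the event in issue [1]; validating input on submission is useful but does not replace encoding at output.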