####################################################
# Exploit Title: WordPress Ad King Pro Stored XSS Vulnerability
# Date: 2015/dec/27
# Exploit Author: ALIREZA_PROMIS
# Vendor Homepage: https://wordpress.org/plugins/adkingpro/
# Software Link: https://downloads.wordpress.org/plugin/adkingpro.1.9.17.zip
# Version: 1.9.17
# Tested on: Windows 7 / Firefox
####################################################
# Exploitation:
To reproduce this vulnerability, you should install "Ad King Pro" and open the new-advert page:
http://programadoraweb.es/wp-admin/post-new.php?post_type=adverts_posts
The "adver image attributes", "Campaign (GA Category)" and "Banner Name (GA Label)" text boxes accept JavaScript code, which is stored when you click "Publish".
# Execution:
1 - On the edit page:
After you click "Publish" and refresh the page, the stored JavaScript code runs.
2 - On the edit page:
When you open the advert for editing, the stored JavaScript code executes:
http://localhost/wp-admin/post.php?post=[post_id]&action=edit
{ With moderator access, the admin cookie can be stolen. }
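For triage on an affected site, the following added example (not code from the plugin or from the advisory author) audits stored advert field values for script markers and shows the same value rendered with attribute escaping. The row layout, the meta key names and the sample values are constructed assumptions.

```python
import html
import re

# Constructed rows shaped like (post_id, meta_key, meta_value) for posts of
# type adverts_posts. The meta key names are hypothetical.
SAMPLE_ROWS = [
    (101, "akp_image_attributes", 'class="banner" width="300"'),
    (102, "akp_ga_category", "Spring Campaign"),
    (103, "akp_ga_label", '"><script>alert(1)</script>'),
    (104, "akp_image_attributes", 'alt="x" onmouseover="alert(1)"'),
]

# Markers that have no place in a plain advert label or attribute list.
PATTERNS = {
    "html-tag": re.compile(r"<\s*/?\s*[a-zA-Z!]"),
    "event-handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "script-uri": re.compile(r"javascript\s*:", re.I),
}


def suspicious_markers(value):
    """Return the names of all patterns found in one stored field value."""
    return [name for name, rx in PATTERNS.items() if rx.search(value)]


def audit(rows):
    """Return (post_id, meta_key, markers) for every row that needs review."""
    findings = []
    for post_id, key, value in rows:
        markers = suspicious_markers(value)
        if markers:
            findings.append((post_id, key, markers))
    return findings


def render_input(name, value):
    """Render an edit-form text box with the stored value escaped for an
    HTML attribute (the job esc_attr() does in WordPress code)."""
    return '<input type="text" name="%s" value="%s">' % (
        html.escape(name, quote=True), html.escape(value, quote=True))


if __name__ == "__main__":
    for post_id, key, markers in audit(SAMPLE_ROWS):
        print("review post %d, field %s: %s" % (post_id, key, ", ".join(markers)))
    print(render_input("akp_ga_label", SAMPLE_ROWS[2][2]))
```

Escaping on output is the actual fix; the audit only finds adverts that were saved before the plugin was patched or removed.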
####################################################
# Special Thanks: Sajjad Sotoudeh
# http://iransec.net/forums
# Mr.Moein , sheytan azzam , Mr.PERSIA , HellBoy.Blackhat , Jok3r
# Sajjad Sotoudeh, Kamran Helish , Dr.RooT , Milad Inj3ctor , Mr,Turk
#
# [+] fb.com/alirezapomis.blackhat
####################################################