Wordpress Plugin How-Interest Cross-Site Scripting

Published
Credit
Risk
2017.07.11
@wazehell
Low
CWE
CVE
Local
Remote
CWE-79
N/A
No
Yes
Dork: inurl:"how-interest/how-interest.php"

Cross-Site Scripting Wordpress Plugin How-Interest
|########################################|
"#"#"#" PoC "#"#"#"
function how_interest_submit()
echo "name = " . $name . ", email = " . $email . ", date = " . $date; // widget.php
$name = $_POST['name']; // widget.php
$email = $_POST['email']; // widget.php
$date = time(); // widget.php
|########################################|
Dork :
inurl:"how-interest/how-interest.php"
Plugin Url :
https://fuc.wordpress.org/plugins/how-interest/
|########################################|
By : @wazehell


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com