35 lines
802 B
Text
35 lines
802 B
Text
# Exploit Title: Wordpress Plugin: Wordpress Download Manager Free & Pro
|
|
Persistent Cross Site Scripting
|
|
|
|
# Google Dork:
|
|
|
|
# Date: 12-06-2013
|
|
|
|
# Exploit Author: IT Nerdbox
|
|
|
|
# Vendor Homepage: http://www.wpdownloadmanager.com # Software Link:
|
|
http://downloads.wordpress.org/plugin/download-manager.zip
|
|
|
|
# Version: v3.3.8
|
|
|
|
# Tested on: Wordpress 3.7.1 on Linux CentOS # CVE : N/A
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When creating a new download package you need to enter a title, description
|
|
and the file(s) that you want to be available for download. The title input
|
|
field is not sanitized and therefor vulnerable to persistent cross site
|
|
scripting. The payload used is <input onmouseover=prompt(document.cookie)>
|
|
|
|
|
|
|
|
|
|
|
|
More information, including screenshots, can be found at:
|
|
|
|
http://www.nerdbox.it/wordpress-download-manager-xss/
|
|
|