
8 new exploits

Linux - Dual/Multi mode Bind Shell Shellcode (156 bytes)
Joomla! Component 'com_spidercalendar' - SQL Injection
Joomla! Component Spider Calendar - SQL Injection
Joomla! Component 'com_spidercatalog' - 'Product_ID' Parameter SQL Injection
Joomla! Component Spider Catalog 1.1 - 'Product_ID' Parameter SQL Injection
Joomla! Component 'com_spidercalendar' - 'date' Parameter Blind SQL Injection
Joomla! Component Spider Calendar - 'date' Parameter Blind SQL Injection
Joomla! Component 'com_spidercalendar' 3.2.6 - SQL Injection
Joomla! Component Spider Calendar 3.2.6 - SQL Injection
Joomla! Component 'com_spidercontacts' 1.3.6 - 'contacts_id' Parameter SQL Injection
Joomla! Component Spider Contacts 1.3.6 - 'contacts_id' Parameter SQL Injection
Joomla! Component 'com_spiderfaq' - SQL Injection
Joomla! Component Spider FAQ - SQL Injection
Joomla! Component Spider Calendar Lite 3.2.16 - SQL Injection
Joomla! Component Spider Catalog Lite 1.8.10 - SQL Injection
Joomla! Component Spider Facebook 1.6.1 - SQL Injection
Joomla! Component Spider FAQ Lite 1.3.1 - SQL Injection
WordPress Plugin Corner Ad 1.0.7 - Cross-Site Scripting
dotCMS 3.6.1 - Blind Boolean SQL Injection
Joomla! Component JEmbedAll 1.4 - SQL Injection

44 lines
1.2 KiB
Text
Executable file
# Exploit Title: Authorized Stored XSS at WordPress Corner-Ad plugin.
# Google Dork: inurl:/wp-content/plugins/corner-ad
# Date: 16-02-17
# Exploit Author: Atik Rahman
# Vendor Homepage: https://wordpress.org/plugins/corner-ad/
# Software Link: https://downloads.wordpress.org/plugin/corner-ad.zip
# Version: 1.0.7
# Tested on: Firefox 44, Windows 10

Vendor Description
---------------------

*Corner Ad* is a plugin that displays your ads in a corner of your
WordPress website page.

The plugin has 1,000+ active installs.

Stored XSS in Ad Name
----------------------

The Ad name input fields aren't properly escaped. This
could lead to an XSS attack that could possibly affect
administrators, users, and editors.

1. Go to http://localhost/wp-admin/options-general.php?page=corner-ad.php

2. Click on the create new Ad button.

3. Use the following as the Ad name and fill in the other fields:
   "/><svg/onload=prompt(document.domain)>

4. Click on the save corner Ad button. Once the new ad has been added, go to
   http://localhost/wp-admin/options-general.php?page=corner-ad.php
   for the corner ad list. Your XSS will now be executed.

5. If a normal editor or author visits the corner ad list page, the XSS will
   affect them as well.
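
Added example (not from the original advisory or the plugin's code): a Python demonstration of why the Ad name from step 3 becomes markup when echoed unescaped, and why escaping at output time keeps it as data. The ROW markup and all function names are assumptions; in the plugin's PHP the equivalent fix is WordPress's esc_attr() and esc_html() applied where the name is printed.

```python
import html
from html.parser import HTMLParser

# Ad name taken from step 3 of the advisory.
AD_NAME = '"/><svg/onload=prompt(document.domain)>'

# Hypothetical list-page markup (assumption): name shown as text and as an attribute value.
ROW = ('<tr><td>{text}</td><td>'
       '<input type="text" name="ad_name" value="{attr}" /></td></tr>')


def render_unescaped(name):
    """Mimics the flaw: the stored name is echoed with no output escaping."""
    return ROW.format(text=name, attr=name)


def render_escaped(name):
    """Encodes & < > " ' so the name stays data in both contexts."""
    safe = html.escape(name, quote=True)
    return ROW.format(text=safe, attr=safe)


class TagAudit(HTMLParser):
    """Records every start tag with its attributes, plus all text nodes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text.append(data)


def audit(markup):
    """Returns (tag names, (tag, attr) pairs for on* handlers, parser)."""
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    handlers = [(tag, attr) for tag, attrs in parser.tags
                for attr in attrs if attr.startswith("on")]
    return [tag for tag, _ in parser.tags], handlers, parser


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, audit(render(AD_NAME))[:2])
```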