WordPress Comment Attachment plugin version 1.0 suffers from a cross site scripting vulnerability.
ee16f6f50293855bcd58cc0c73ac5efb633bd28634e6029c4580e4b6cda87866#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# Exploit Title: WordPress Comment Attachment 1.0 <= Cross Site Scripting
# Date: 2013 20 September
# Author: Arsan
# Software Link: http://wordpress.org/plugins/comment-attachment/
# Version : 1.0
# Tested on: Linux & Windows
# Category: webapps
# Google Dork : inurl:"/comment-attachment/comment-attachment.php"
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Exploit :
#
# [-] Description :
#
# 1) Download "Comment Attachment" And Install
# 2) Go To Sitting Comment Attachment :
# Settings > Discussion > Comment Attachment
# 3) Insert In "Attachment field title" This Code And Save :
# "><script>alert(/Arsan/)</script>
# 4) And Try To See Your Post And Comment; Follow Link :
# http://localhost/wp/?p=1
#
# [You See Alert "Arsan"] ~> ;)
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Contact Me :
#
# Arsan.Blackhat@gmail.com
# Twitter.com/ArsanBlackhat
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
# I L0ve Inj3ct0r Team
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed