WordPress Share This Image 1.03 Cross Site Scripting

WordPress Share This Image 1.03 Cross Site Scripting: Posted Dec 18, 2017; Authored by Ricardo Sanchez; WordPress Share This Image plugin version 1.03 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | b5a4b0b2e1b0bcb45a5472fdfd5c1e59a4ffb7e2f4a2f30c7e77361235912758; Download | Favorite | View

WordPress Share This Image 1.03 Cross Site Scripting

Class Input Validation Error
Remote  Yes

Credit Ricardo Sanchez
Vulnerable Share This Image 1.03

Share This Image is prone to a stored cross-site scripting
vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This
may allow the attacker to steal cookie-based authentication credentials and
to launch other attacks.

To exploit this issue following steps:
The XSS reflected because the value urlis not filter correctly:


Demo Request:
http://localhost//wordpress/wp-content/plugins/share-this-
image/sharer.php?url=</script>"><script>alert("R1XS4.COM")</script>

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 89 files
Gentoo 31 files
Debian 22 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,079)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,380)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,289)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,663)
UNIX (9,426)
UnixWare (187)
Windows (6,666)
Other

WordPress Share This Image 1.03 Cross Site Scripting

WordPress Share This Image 1.03 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems