WordPress Plugin Events Manager Extended – Persistent Cross-Site Scripting

  • Author: Craw
    Date: 2010-09-06
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/14923/
  • # Author: Craw
    # Email: craw@element7.eu 
    # Software Link: http://wordpress.org/extend/plugins/events-manager-extended/
    # Version: 3.1.2
    # Category: webapplications
     
    =======================================================
     
     
    [+] ExploiT [1] : If you are allowed to leave a comment:
    	
    	Persistent XSS vulnerability: you can inject JavaScript code in your comment.
    	The code will be displayed below the event.
    
    	
    [+] ExploiT [2] : If you are allowed to book an event:
     
     Persistent XSS vulnerability: you can inject JavaScript code in [Name], [Email], [Phonenumber], [Comment].
     The code will be displayed in the WordPress backend -> http://www.site.com/wp-admin/admin.php?page=events-manager-people
     
    
    =======================================================
    Greetz @ LUXEMBOURG
    =======================================================
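
Added example, not part of the original advisory and not the plugin's own code: a sketch of how the booking fields named above ([Name], [Email], [Phonenumber], [Comment]) reach an admin table unescaped, beside the escaped rendering that closes the hole. The function names, array keys and sample booking are assumptions made for illustration; the plugin's real rendering code is not shown in the advisory.

```php
<?php
// Illustration only: hypothetical names, not taken from Events Manager Extended.

// Constructed sample booking, as it might be stored after a form submission.
$booking = [
    'name'    => '<script>/* constructed marker */</script>',
    'email'   => 'visitor@example.com',
    'phone'   => '+352 000 000',
    'comment' => 'Two seats please <b>bold</b>',
];

// Escape on output: stored fields are always text, never markup.
// Inside WordPress, esc_html() does this job; htmlspecialchars() keeps
// the example runnable without WordPress loaded.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed vulnerable pattern: stored input concatenated into HTML verbatim,
// so markup in any field runs in the administrator's browser session.
function render_row_unsafe(array $b): string
{
    return "<tr><td>{$b['name']}</td><td>{$b['email']}</td>"
         . "<td>{$b['phone']}</td><td>{$b['comment']}</td></tr>";
}

// Hardened rendering: every field passes through e() at the point of output.
function render_row_safe(array $b): string
{
    return '<tr><td>' . e($b['name']) . '</td><td>' . e($b['email']) . '</td>'
         . '<td>' . e($b['phone']) . '</td><td>' . e($b['comment']) . '</td></tr>';
}

// Second layer: reject malformed e-mail and phone values at submission time.
// This complements output escaping; it does not replace it.
function validate_booking(array $b): array
{
    $errors = [];
    if (filter_var($b['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    if (!preg_match('/^[0-9+() .\-]{3,30}$/', $b['phone'])) {
        $errors[] = 'phone';
    }
    return $errors;
}

echo render_row_safe($booking), PHP_EOL;
```

The same escaping applies to event comments shown on the public page; free-text fields such as the name and comment cannot be reliably validated on input, which is why the escaping has to happen at output.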