WordPress Plugin Banners Lite – ‘wpbanners_show.php’ HTML Injection

Exploit Database
14 阅读

作者： Fernando A. Lagos B

日期： 2013-03-25
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38410/

source: https://www.securityfocus.com/bid/58671/info

The Banners Lite plugin for WordPress is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. 

http://www.example.com/wordpress/wp-content/plugins/wp-banners-lite/wpbanners_show.php?id=1&cid=a_<script>alert(/XSSProof-of-Concept/)</script>

last Exploits
WordPress Plugin Banners Lite – ‘wpbanners_show.php’ HTML Injection的更多信息

Joomla! Component Joomsport – SQL Injection / Arbitrary File Upload：
RJ-iTop Network Vulnerability Scanner System – Multiple SQL Injections：
AJ Matrix 3.1 – ‘id’ Multiple SQL Injections：
Bitweaver 2.8.0 – Multiple Vulnerabilities：
Strapi 3.0.0-beta – Set Password (Unauthenticated)：
PCViewer vt1000 – Directory Traversal：
iScripts SonicBB 1.0 – Reflected Cross-Site Scripting (PoC)：
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 – Multiple Vulnerabilities：