WordPress Theme White-Label Framework 2.0.6 – Cross-Site Scripting

Exploit Database
15 阅读

作者： Outlasted

日期： 2015-09-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38105/

# Exploit Title: WordPress White-Label Framework XSS
# Google Dork: inurl:/wp-content/themes/whitelabel-framework/inc/form-sharebymail_iframe.php
# Date: 7 September 2015
# Exploit Author: Outlasted
# Software Link: wordpress.com / http://whitelabelframework.com/
# Version: 2.0.6
#Greetz to: TeaMp0isoN
=====================================================
Vulnerable url: /wp-content/themes/whitelabel-framework/inc/form-sharebymail_iframe.php


=====================================================
How to exploit?
----------------------------------------------------------------------------------------------------------

Enter your XSS payload in all forms and watch the magic.

last Exploits
WordPress Theme White-Label Framework 2.0.6 – Cross-Site Scripting的更多信息

Command School Student Management System – ‘/sw/admin_titles.php?id’ SQL Injection：
Marinet CMS – ‘galleryphoto.php?id’ SQL Injection：
Support4Arabs Pages 2.0 – SQL Injection：
D-Link – Multiple Vulnerabilities：
Wazzum Dating Software – Multiple Vulnerabilities：
MyBB 1.6.6 – ‘index.php?conditions[usergroup][]’ Cross-Site Scripting：
pimCore v5.4.18-skeleton – Sensitive Cookie with Improper SameSite Attribute：
DomainMOD 4.11.01 – ‘assets/edit/host.php?whid=5’ Cross-Site Scripting：