WordPress Plugin MDC Private Message 1.0.0 – Persistent Cross-Site Scripting

Exploit Database
105 阅读

作者： Chris Kellum

日期： 2015-08-21
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37907/

# Exploit Title: WordPress MDC Private Message Persistent XSS
# Date: 8/20/15
# Exploit Author: Chris Kellum
# Vendor Homepage: http://medhabi.com/
# https://wordpress.org/plugins/mdc-private-message/
# Version: 1.0.0



=====================
Vulnerability Details
=====================

The 'message' field doesn't sanitize input, allowing a less privileged user (Editor, Author, etc.)
to execute an XSS attack against an Administrator.

Proof of Concept: 

Place <script>alert('Hello!')</script> in the message field of a private message and then submit.

Open the message and the alert window will fire.

===================
Disclosure Timeline
===================

8/16/15 - Vendor notified.
8/19/15 - Version 1.0.1 released.
8/20/15 - Public Disclosure.

last Exploits
WordPress Plugin MDC Private Message 1.0.0 – Persistent Cross-Site Scripting的更多信息

Oracle Demantra 12.2.1 – SQL Injection：
WordPress Plugin BuddyPress 1.2.10 / WordPress Theme DEV Blogs Mu 1.2.6 (WordPress 3.1.4) – Regular Subscriber HTML Injection：
Squirrelcart PRO 3.0.0 – Blind SQL Injection：
Extreme Mobster – ‘login’ Cross-Site Scripting：
WordPress Plugin NextGEN Gallery 1.5.1 – Cross-Site Scripting：
Monitorr 1.7.6m – Authorization Bypass：
Easy Banner 2009.05.18 – ‘/member.php’ Multiple SQL Injection / Authentication Bypass：
Cybrotech CyBroHttpServer 1.0.3 – Cross-Site Scripting：