WordPress Plugin MDC Private Message 1.0.0 – Persistent Cross-Site Scripting

Exploit Database
36 阅读

作者： Chris Kellum

日期： 2015-08-21
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37907/

# Exploit Title: WordPress MDC Private Message Persistent XSS
# Date: 8/20/15
# Exploit Author: Chris Kellum
# Vendor Homepage: http://medhabi.com/
# https://wordpress.org/plugins/mdc-private-message/
# Version: 1.0.0



=====================
Vulnerability Details
=====================

The 'message' field doesn't sanitize input, allowing a less privileged user (Editor, Author, etc.)
to execute an XSS attack against an Administrator.

Proof of Concept: 

Place <script>alert('Hello!')</script> in the message field of a private message and then submit.

Open the message and the alert window will fire.

===================
Disclosure Timeline
===================

8/16/15 - Vendor notified.
8/19/15 - Version 1.0.1 released.
8/20/15 - Public Disclosure.

last Exploits
WordPress Plugin MDC Private Message 1.0.0 – Persistent Cross-Site Scripting的更多信息

Schaf-CMS 1.0 – SQL Injection：
IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 – Cross-Site Scripting：
Simple Online Hotel Reservation System – Cross-Site Request Forgery (Add Admin)：
Collabtive 1.0 – ‘manageuser.php’ SQL Injection：
Humhub 0.10.0-rc.1 – Multiple Persistent Cross-Site Scripting Vulnerabilities：
Topsites Script 1.0 – Cross-Site Request Forgery / PHP Code Injection：
Google Invisible RECAPTCHA 3 – Spoof Bypass：
Vanelo – SQL Injection：