WordPress Plugin MDC Private Message 1.0.0 – Persistent Cross-Site Scripting

• Exploit Database
• 113 阅读

• 作者： Chris Kellum
  日期： 2015-08-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/37907/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

  # Exploit Title: WordPress MDC Private Message Persistent XSS # Date: 8/20/15 # Exploit Author: Chris Kellum # Vendor Homepage: http://medhabi.com/ # https://wordpress.org/plugins/mdc-private-message/ # Version: 1.0.0       ===================== Vulnerability Details =====================   The &apos;message&apos; field doesn&apos;t sanitize input, allowing a less privileged user (Editor, Author, etc.) to execute an XSS attack against an Administrator.   Proof of Concept:   Place <script>alert(&apos;Hello!&apos;)</script> in the message field of a private message and then submit.   Open the message and the alert window will fire.   =================== Disclosure Timeline ===================   8/16/15 - Vendor notified. 8/19/15 - Version 1.0.1 released. 8/20/15 - Public Disclosure.