WordPress Theme RedLine 1.65 – ‘s’ Cross-Site Scripting

Exploit Database
138 阅读

作者： SiteWatch

日期： 2011-09-30
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36191/

source: https://www.securityfocus.com/bid/49880/info

The RedLine theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

RedLine theme prior to 1.66 are vulnerable.

http://www.example.com/?s="%20%3e%3c/link%3e%3cScRiPt%3ealert(123)%3c/ScRiPt%3e

last Exploits
WordPress Theme RedLine 1.65 – ‘s’ Cross-Site Scripting的更多信息

Bakeshop Online Ordering System 1.0 – ‘Owner’ Persistent Cross-site scripting：
Linear eMerge E3 1.00-06 – Remote Code Execution：
Prestashop 1.7.6.4 – Cross-Site Request Forgery：
Client Management System 1.0 – ‘searchdata’ SQL injection：
Invoice Template – ‘hash’ SQL Injection：
Twilight CMS – DeWeS Web Server Directory Traversal：
WordPress Plugin WebDorado Gallery 1.3.29 – SQL Injection：
HTMLy Version v2.9.6 – Stored XSS：