Multiple WordPress WooThemes Themes – ‘test.php’ Cross-Site Scripting

Exploit Database
27 阅读

作者： MustLive

日期： 2011-06-06
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35830/

source: https://www.securityfocus.com/bid/48110/info

Multiple WordPress WooThemes (Live Wire) are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 

http://www.example.com/wp-content/themes/_theme's_name_/includes/test.php?a[]=%3Cscript%3Ealert(document.cookie)%3C/script%3E

last Exploits
Multiple WordPress WooThemes Themes – ‘test.php’ Cross-Site Scripting的更多信息

SQL Buddy 1.3.3 – Remote Code Execution：
Markdownify 1.2.0 – Persistent Cross-Site Scripting：
XCMS v1.83 – Remote Command Execution (RCE)：
AiOPMSD Final 1.0.0 – ‘q’ SQL Injection：
justVisual 2.0 – ‘index.php’ Local File Inclusion：
systemsoftware Community Black – ‘index.php’ SQL Injection：
2DayBiz Auction Script – Authentication Bypass：
MC Content Manager 10.1 – SQL Injection / Cross-Site Scripting：