Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###################################################################################
- # Exploit Title: wordpress Count per Day Cross Site Scripting Vulnerability
- #
- # Google Dork:inurl:/wp-content/plugins/count-per-day
- #
- # Date: 08/24/2012
- #
- # Author: Crim3R
- #
- # Version 3.2.3
- #
- # Vendor Home : http://downloads.wordpress.org/plugin/count-per-day.3.2.3.zip
- #
- # Tested on: all
- #
- ###################################################################################
- $
- $ Author will be not responsible for any damage.
- $
- ###################################################################################
- ========================================
- first notes.php is not restricted to admin and anyone can access it directty by
- browser => an attacker can add notes witch
- can be html codes => its Stored Xss
- goto WP-path/wp-content/plugins/count-per-day/notes.php
- in the notes section add html code and click Add
- D3M0 :
- http://www.christinedesavino.com/blog/wp-content/plugins/count-per-day
- http://www.dhakadakshinghsc.com/wp-content/plugins/count-per-day/
- www.watansport.net/ara/wp-content/plugins/count-per-day/
- ===============Crim3R@Att.Net===========
- $home = %00
- thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement