WordPress Testimonial Slider plugin version 1.2.1 suffers from a stored cross site scripting vulnerability.
c42a3e7a53fa032347f8db34ca336504c038103182ac19af39975cd7d2507601 GhostMail <!--
# Exploit Title: Wordpress Testimonial Slider Stored XSS
# Date: 2015/8/31
# Exploit Author: Arash Khazaei
# Vendor Homepage: https://wordpress.org/plugins/testimonial-slider/
# Software Link:
https://downloads.wordpress.org/plugin/testimonial-slider.1.2.1.zip
# Version: 1.2.1
# Tested on: Kali , Iceweasel Browser
# CVE : N/A
# Contact : twitter.com/0xClay
# Email : junkyboy@ghostmail.com
# Site : http://bhunter.ir
# Intrduction :
# Wordpress Testimonial Slider Plugin Have 10,000+ Active Install
# And Suffer From A Stored XSS Vulnerability In Slider Name Section .
# Authors , Editors And Of Course Administrators Can Use This Vulnerability
To Harm WebSite .
-->
Exploit :
For Exploiting This Vulnerability Install Testimonial Slider Plugin
Then Create New Slider In Slider Name Input Place Your JavaScript Code
After Creating Slider JavaScript Code Will Be Executed .
Image POC :
Vulnerable Code :
<h3><?php _e('Reorder the Posts/Pages Added To','testimonial-slider'); ?>
<?php echo $slider['slider_name'];?>(Slider ID = <?php echo
$slider['slider_id'];?>)</h3>
For Patching :
<h3><?php _e('Reorder the Posts/Pages Added To','testimonial-slider'); ?>
<?php echo htmlspecialchars($slider['slider_name']);?>(Slider ID = <?php
echo $slider['slider_id'];?>)</h3>
<!-- Discovered By Arash Khazaei (Aka JunkyBoy) -->
This email was sent from Secure GhostMail <https://www.ghostmail.com>.
Easy and free encrypted email, chat and cloud storage for everybody. Free
sign up now <https://www.ghostmail.com>.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed