Showing posts with label Word Press. Show all posts
Showing posts with label Word Press. Show all posts

Monday, 27 May 2013

Wordpress Plugin - ADIF Log Search Widget XSS Vulnerability

# Exploit Title: ADIF Log Search Widget XSS Vulnerability
# Google Dork:
# Date: 26/05/13
# Exploit Author: k3170makan
# Version: 1.0e
# Tested on: Ubuntu 12.04.2 LTS
Wordpress ADIF log book search plugin widget suffers from a Cross Site Scripting vulnerability.

Saturday, 29 December 2012

Word Press Photo Plus Photo Search XSS/CSRF Vulnerability

The WordPress Photo Plus plugin suffers from a XSS/CSRF  Vulnerability.


# Exploit Title: Word Press Photo Plus, Photo Search XSS/CSRF Vulnerability
# Google Dork: inurl:plugins +inurl:wp-photo-album-plus +intext:"Photo Search"
# Date: 29/12/12
# Exploit Author: k3170makan
# Vendor Homepage: http://wordpress.org/extend/plugins/wp-photo-album-plus/
# Software Link: http://wordpress.org/extend/plugins/wp-photo-album-plus/
# Version: 4.8.11
# Tested on: Ubuntu 10.04

The new Wordpress Vuln and How to find its victims

A sample of the loot from the W3 Total Cache vuln
So an interesting little misconfiguration has reared its ugly head in some WordPress sites.The vulnerability effects all WordPress sites that make use of a plugin called "W3 Total Cache"---you can get it here---. 

In this post I'm going to discuss exactly what the vulnerability is and why its bad news and then I'll quickly discuss how to find some loot and show you some of the awesome loot you can dig out with something like this. Enjoy!