Showing posts with the label Word Press Exploit

Wordpress Plugin - ADIF Log Search Widget XSS Vulnerability

# Exploit Title: ADIF Log Search Widget XSS Vulnerability
# Google Dork:
# Date: 26/05/13
# Exploit Author: k3170makan
# Vendor Homepage: http://wordpress.org/plugins/adif-log-search-widget/
# Software Link: http://wordpress.org/plugins/adif-log-search-widget/
# Version: 1.0e
# Tested on: Ubuntu 12.04.2 LTS

Wordpress ADIF log book search plugin widget suffers from a Cross Site Scripting vulnerability.

Word Press Photo Plus Photo Search XSS/CSRF Vulnerability

The WordPress Photo Plus plugin suffers from an XSS/CSRF vulnerability.


# Exploit Title: Word Press Photo Plus, Photo Search XSS/CSRF Vulnerability
# Google Dork: inurl:plugins +inurl:wp-photo-album-plus +intext:"Photo Search"
# Date: 29/12/12
# Exploit Author: k3170makan
# Vendor Homepage: http://wordpress.org/extend/plugins/wp-photo-album-plus/
# Software Link: http://wordpress.org/extend/plugins/wp-photo-album-plus/
# Version: 4.8.11
# Tested on: Ubuntu 10.04

The new Wordpress Vuln and How to find its victims

So an interesting little misconfiguration has reared its ugly head in some WordPress sites. The vulnerability affects all WordPress sites that make use of a plugin called "W3 Total Cache" (you can get it here).

In this post I'm going to discuss exactly what the vulnerability is and why it's bad news, and then I'll quickly discuss how to find some loot and show you some of the awesome loot you can dig out with something like this. Enjoy!

