Vulners
Lucene search
WordPress Count Per Day 3.2.3 Cross Site Scripting
`###################################################################################
# Exploit Title: wordpress Count per Day Cross Site Scripting Vulnerability
#
# Google Dork:inurl:/wp-content/plugins/count-per-day
#
# Date: 08/24/2012
#
# Author: Crim3R
#
# Version 3.2.3
#
# Vendor Home : http://downloads.wordpress.org/plugin/count-per-day.3.2.3.zip
#
# Tested on: all
#
###################################################################################
$
$ Author will be not responsible for any damage.
$
###################################################################################
========================================
first notes.php is not restricted to admin and anyone can access it directty by
browser => an attacker can add notes witch
can be html codes => its Stored Xss
goto WP-path/wp-content/plugins/count-per-day/notes.php
in the notes section add html code and click Add
D3M0 :
http://www.christinedesavino.com/blog/wp-content/plugins/count-per-day
http://www.dhakadakshinghsc.com/wp-content/plugins/count-per-day/
www.watansport.net/ara/wp-content/plugins/count-per-day/
[email protected]===========
$home = %00
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Aug 2012 00:00Current