Vulners
Lucene search
WordPress Captain Slider 1.0.6 Cross Site Scripting
`--e89a8ff1ccaefae749051e667db5
Content-Type: text/plain; charset=UTF-8
<!--
# Exploit Title: Wordpress Captain Slider Stored XSS
# Date: 2015/8/29
# Exploit Author: Arash Khazaei .
# Vendor Homepage: https://wordpress.org/plugins/captain-slider/
# Software Link: https://downloads.wordpress.org/plugin/captain-slider.zip
# Version: 1.0.6
# Tested on: Kali , Iceweasel Browser
# CVE : N/A
# Contact : http://twitter.com/0xClay
# Email : [email protected]
# Site : http://bhunter.ir
# Intrduction :
# Wordpress Captain Slider Plugin Have 3000+ Active Install
# And Suffer From A Stored XSS Vulnerability In Title And Caption Section .
# Authors , Editors And Of Course Administrators This Vulnerability To Harm
WebSite .
# Exploit :
# To Exploit This Vulnerability Go To Manage Silder Section And Add Slider
In Title And Caption add Your Js Code .
# After Adding New Slider Go To Sorter Section Then You Can See Js Codes
Executed .
Vulnerable Code :
-->
<th class="column-order"><?php _e('Order', 'ctslider'); ?></th>
<th class="column-thumbnail"><?php _e('Slide Image', 'ctslider');
?></th>
<th class="column-title"><?php _e('Title', 'ctslider'); ?></th>
<!-- Discovered By Arash Khazaei (Aka JunkyBoy) -->
--e89a8ff1ccaefae749051e667db5
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><!--<br># Exploit Title: Wordpress Captain Slider Store=
d XSS<br># Date: 2015/8/29<br># Exploit Author: Arash Khazaei .<br># Vendor=
Homepage: <a href=3D"https://wordpress.org/plugins/captain-slider/">https:=
//wordpress.org/plugins/captain-slider/</a><br># Software Link: <a href=3D"=
https://downloads.wordpress.org/plugin/captain-slider.zip">https://download=
s.wordpress.org/plugin/captain-slider.zip</a><br># Version: 1.0.6<br># Test=
ed on: Kali , Iceweasel Browser<br># CVE : N/A<br># Contact : <a href=3D"ht=
tp://twitter.com/0xClay">http://twitter.com/0xClay</a><br># Email : <a href=
=3D"mailto:[email protected]">[email protected]</a><br># Site : <a href=3D"ht=
tp://bhunter.ir">http://bhunter.ir</a><br><br># Intrduction : <br><br># Wor=
dpress Captain Slider Plugin Have 3000+ Active Install <br># And Suffer Fro=
m A Stored XSS Vulnerability In Title And Caption Section .<br># Authors , =
Editors And Of Course Administrators This Vulnerability To Harm WebSite .<b=
r><br># Exploit : <br><br># To Exploit This Vulnerability Go To Manage Sild=
er Section And Add Slider In Title And Caption add Your Js Code .<br># Afte=
r Adding New Slider Go To Sorter Section Then You Can See Js Codes Executed=
. <br><br><br>Vulnerable Code :<br>--><br>=C2=A0=C2=A0=C2=A0 =C2=A0=C2=
=A0=C2=A0 <th class=3D"column-order"><?php _e('Order=
', 'ctslider'); ?></th><br>=C2=A0=C2=A0=C2=A0 =C2=A0=
=C2=A0=C2=A0 <th class=3D"column-thumbnail"><?php _e(=
9;Slide Image', 'ctslider'); ?></th><br>=C2=A0=C2=A0=
=C2=A0 =C2=A0=C2=A0=C2=A0 <th class=3D"column-title"><?p=
hp _e('Title', 'ctslider'); ?></th><br>=C2=A0=C2=
=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 <br><br><br><br><br><!--=
Discovered By Arash Khazaei (Aka JunkyBoy) --><br></div>
--e89a8ff1ccaefae749051e667db5--
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Aug 2015 00:00Current
7High risk
Vulners AI Score7