2 matches found
WordPress White-Label Framework 2.0.6 - XSS Vulnerability
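After installing the whitelable theme, the vulnerable file is located at: /whitelable-framework/inc/snippets/form-sharebymailiframe.php Line 48 50: $recipient = $_POST['recipemail']; if (stripos($recipient, ',')) $recipient = substr($recipient, 0, stripos($recipient, ',')); As you can see, the recipemail value received via POST only has the content after the comma removed and is then stored directly in the variable $recipient Line 86: Your Message h...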
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting
Exploit Title: Wordpress White-Label Framework XSS Google Dork: inurl:/wp-content/themes/whitelabel-framework/inc/form-sharebymailiframe.php Date: 7 September 2015 Exploit Author: Outlasted Software Link: wordpress.com /...