
4 matches found

Hacker One
added 2022/08/09 10:12 p.m., 21 views

Automattic: Stored XSS in intensedebate.com via the Comments RSS

Stored XSS in intensedebate.com via the Comments RSS. In our "comments.rss" file, the blog post's title is reflected in the XML RSS file without any encoding. So I installed IntenseDebate on my website https://wp.s2.cm, and created a blog post with an alertdocument.domain payload in the title. Then, ...

0.1 AI score
Exploits: 0
Hacker One
added 2021/01/01 6:11 a.m., 152 views

Automattic: SQL Injection intensedebate.com

Hello dear support, I have found SQL Injection on intensedebate.com. Parameters injectable: ?acctid=1 URL: https://www.intensedebate.com/js/importStatus.php?acctid=1 I used sqlmap for the injection. Command: sqlmap --url https://www.intensedebate.com/js/importStatus.php?acctid=1 --dbs F1140562 available...

Exploits: 0
Hacker One
added 2020/12/03 9:57 p.m., 21 views

Automattic: [intensedebate.com] Open Redirect

Hello. Summary: I have found an Open Redirect on https://intensedebate.com//fb-connect/logoutRedir.php?goto=, the parameter $_GET['goto'] is reflected to the HTTP-Header Response Location. HTTP Request: GET /fb-connect/logoutRedir.php?goto=\http://\ HTTP/1.1 Host: intensedebate.com User-Agent:...

7 AI score
Exploits: 0
Hacker One
added 2020/11/24 10:49 p.m., 43 views

Automattic: [intensedebate.com] SQL Injection Time Based on /changeReplaceOpt.php

Summary: Hello, I have found a Time-Based SQL Injection on https://www.intensedebate.com/changeReplaceOpt.php. The parameter $_GET['acctid'] is vulnerable. Detection: I have injected a MySQL function sleep, and it works. GET /changeReplaceOpt.php?&opt=1&acctid=419523%20AND%20SLEEP15 HTTP/1.1 Host:...

7.4 AI score
Exploits: 0