4 matches found
WordPress White-Label Framework 2.0.6 - XSS Vulnerability
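After installing the whitelable theme, the vulnerable file is located at: /whitelable-framework/inc/snippets/form-sharebymailiframe.php Lines 48-50: $recipient = $_POST['recipemail']; if (stripos($recipient, ',')) $recipient = substr($recipient, 0, stripos($recipient, ',')); As can be seen here, the recipemail value received via POST only has the content after the comma removed and is then stored directly in the variable $recipient. Line 86: Your Message h...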
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting
Exploit Title: Wordpress White-Label Framework XSS Google Dork: inurl:/wp-content/themes/whitelabel-framework/inc/form-sharebymailiframe.php Date: 7 September 2015 Exploit Author: Outlasted Software Link: wordpress.com / http://whitelabelframework.com/ Version: 2.0.6 Greetz to: TeaMp0isoN...
WordPress White Label Framework theme 2.0.6 - XSS
White Label Framework theme is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting Exploit Title: Wordpress White-Label Framework XSS Google Dork: inurl:/wp-content/themes/whitelabel-framework/inc/form-sharebymailiframe.php Date: 7 September 2015 Exploit Author: Outlasted Software Link: wordpress.com /...