[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: wordpress Lanoba Social Plugin Xss Vulnerabilities
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities
- From: Henri Salo <henri@xxxxxxx>
- Date: Mon, 21 Nov 2011 20:24:08 +0200
On Sat, Nov 19, 2011 at 05:40:16AM +0000, Amir@xxxxxxxx wrote:
> a bug in wordpress Lanoba Social Plugin that allows to us to occur a
> Cross-Site Scripting on a Remote machin.
>
>
>
>
> #####################################################################################################################
> #
> #
> # Islamic Republic Of Iran Security Team
> #
> #
> #
> # Www.IrIsT.Ir
> #
> #
> #
> #####################################################################################################################
> #
> #
> # wordpress Lanoba Social Plugin Xss Vulnerabilities
> #
> #
> #
> # Download......: wordpress.org/extend/plugins/lanoba-social-plugin/
> #
> #
> #
> # Bug Found.....: IrIsT?
> #
> #
> #
> # discovery.....: Am!r (IrIsT?)
> #
> #
> #
> # contact.......: Amir[at]IrIsT.ir
> #
> #
> #
> # Exploit.......:
> http://www.site.com/[path]/wp-content/plugins/lanoba-social-plugin/index.php?action=[xss]
> #
> #
> #
> # Google Search.: "Powered By wordpress"
> #
> #
> #
> # SP TNX........: B3HZ4D & The-0utl4w & SeCuRiTy & m3hdi & vahid4251 & all
> IrIsT members #
> # & h4ckcity.org & phc.ir & zarbat.org & all SP
> #
> #
> #
> #####################################################################################################################
Reported also to the author:
https://wordpress.org/support/topic/plugin-lanoba-social-plugin-xss-vulnerabilities
Best regards,
Henri Salo