[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities
From: Amir@xxxxxxxx
Date: Wed, 23 Nov 2011 07:38:58 GMT

a bug in Wordpress clickdesk-live-support-chat plugin that allows to us to 
occur a Cross-Site Scripting on a Remote machin.




################################################################################################################################
#                                                                               
                                               #
#                           Www.Aria-security.com/forum/                        
                                               #
#                                                                               
                                               #
################################################################################################################################
#                                                                               
                                               #
# Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting 
Vulnerabilities                                            #
#                                                                               
                                               #
# Download......: 
http://wordpress.org/extend/plugins/clickdesk-live-support-chat/                
                             #
#                                                                               
                                               #
# Bug Found.....: http://Aria-Security.Com/forum/                               
                                               #
#                                                                               
                                               #
# discovery.....: Am!r (IrIsT?)                                                 
                                               #
#                                                                               
                                               #
# contact.......: Amir[at]IrIsT.ir                                              
                                               #
#                                                                               
                                               #
# Exploit.......: 
http://www.site.com/[path]/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=[xss]
     #
#                                                                               
                                               #
# Google Search.: "Powered by Wordpress"                                        
                                               #
#                                                                               
                                               #
# Me............:  IrIsT.Ir  &   Aria-security.com                              
                                               #
#                                                                               
                                               #
################################################################################################################################

Prev by Date: Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities
Next by Date: PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability
Previous by thread: Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities
Next by thread: PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability
Index(es):
- Date
- Thread