Tuesday, September 7, 2010

Wordpress Events Manager Extended Plugin Persistent XSS Vulnerability

0
in

# Author: Craw
# Email: craw@element7.eu
# Software Link: http://wordpress.org/extend/plugins/events-manager-extended/
# Version: 3.1.2
# Category: webapplications

=======================================================


[+] ExploiT [1] : If you are allowed to leave a comment:

Persistent XSS Vulnerability: You can inject Javascript Code in your comment.
The Code will be displayed below the event.


[+] ExploiT [2] : If you are allowed to book an event:

Persistent XSS Vulnerability: You can inject Javascript Code in [Name] , [Email] , [Phonenumber] , [Comment]
The Code will be displayed in the Wordpress Backend -> http://www.site.com/wp-admin/admin.php?page=events-manager-people

0 comments:

Post a Comment

About Me

My photo
Блог за истражување и развој на информациска безбедност, кој е наменет за постирање на најнови ранливости и слабости. Founder darknessn1k0!4

 
Design by ThemeShift | Bloggerized by Lasantha - Free Blogger Templates | Best Web Hosting