# Exploit Title: WordPress Plugin: WordPress Download Manager Free & Pro
Persistent Cross Site Scripting 

# Google Dork:

# Date: 12-06-2013

# Exploit Author: IT Nerdbox

# Vendor Homepage: http://www.wpdownloadmanager.com # Software Link:
http://downloads.wordpress.org/plugin/download-manager.zip

# Version: v3.3.8

# Tested on: WordPress 3.7.1 on Linux CentOS # CVE : N/A

 

 

 

When creating a new download package you need to enter a title, description
and the file(s) that you want to be available for download. The title input
field is not sanitized and therefor vulnerable to persistent cross site
scripting. The payload used is <input onmouseover=prompt(document.cookie)>

 

 

More information, including screenshots, can be found at:

http://www.nerdbox.it/wordpress-download-manager-xss/

 

Rate this post
Брой прочитания на тази страница: 1105
WordPress Download Manager Free & Pro 2.5.8 – Persistent Cross Site Scripting
Tagged on:     

Вашият коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са отбелязани с *