WordPress GetYourGuide Ticketing 1.0.6 Cross Site Scripting
2024-8-30 22:55:15 Author: packetstormsecurity.com(查看原文) 阅读量:0 收藏
2024-8-30 22:55:15 Author: packetstormsecurity.com(查看原文) 阅读量:0 收藏
- WordPress GetYourGuide Ticketing 1.0.6 Cross Site Scripting
- Posted Aug 30, 2024
- Authored by indoushka
WordPress GetYourGuide Ticketing plugin version 1.0.6 suffers from a cross site scripting vulnerability.
- tags | exploit, xss
- SHA-256 |
dcd22c45ffe7169dcb5e713498bc6fad3ab5097f2e800f6255a9b1b944a8c7ac - Download | Favorite | View
=============================================================================================================================================
| # Title : WordPress GetYourGuide Ticketing plugin 1.0.6 XSS Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : https://downloads.wordpress.org/plugin/getyourguide-ticketing.1.0.6.zip |
=============================================================================================================================================poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] infected item : <input type="text" name="partner_hash" value="<?php echo $partner_hash?>"></input>
[+] Install the plugin ‘GetYourGuide Ticketing’ & activate it.
[+] Navigate toward the GYG-Ticketing.
[+] USe Payload : ` “><img src=x onerror=alert(1)>`
[+] Go to link builder to verify the XSS pop-up.
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================
File Tags
- ActiveX (933)
- Advisory (86,594)
- Arbitrary (16,912)
- BBS (2,859)
- Bypass (1,880)
- CGI (1,034)
- Code Execution (7,846)
- Conference (691)
- Cracker (844)
- CSRF (3,414)
- DoS (25,130)
- Encryption (2,389)
- Exploit (53,332)
- File Inclusion (4,267)
- File Upload (1,002)
- Firewall (822)
- Info Disclosure (2,894)
- Intrusion Detection (916)
- Java (3,144)
- JavaScript (899)
- Kernel (7,244)
- Local (14,809)
- Magazine (587)
- Overflow (13,180)
- Perl (1,435)
- PHP (5,228)
- Proof of Concept (2,398)
- Protocol (3,733)
- Python (1,649)
- Remote (31,708)
- Root (3,639)
- Rootkit (529)
- Ruby (632)
- Scanner (1,657)
- Security Tool (8,034)
- Shell (3,282)
- Shellcode (1,217)
- Sniffer (903)
- Spoof (2,279)
- SQL Injection (16,630)
- TCP (2,445)
- Trojan (690)
- UDP (905)
- Virus (670)
- Vulnerability (33,028)
- Web (9,975)
- Whitepaper (3,782)
- x86 (967)
- XSS (18,272)
- Other
File Archives
Systems
- AIX (429)
- Apple (2,099)
- BSD (377)
- CentOS (58)
- Cisco (1,927)
- Debian (7,112)
- Fedora (1,693)
- FreeBSD (1,246)
- Gentoo (4,567)
- HPUX (880)
- iOS (378)
- iPhone (108)
- IRIX (220)
- Juniper (69)
- Linux (50,945)
- Mac OS X (691)
- Mandriva (3,105)
- NetBSD (256)
- OpenBSD (489)
- RedHat (16,659)
- Slackware (941)
- Solaris (1,611)
- SUSE (1,444)
- Ubuntu (9,783)
- UNIX (9,443)
- UnixWare (187)
- Windows (6,679)
- Other
文章来源: https://packetstormsecurity.com/files/180467/wpgygt106-xss.txt
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh