Wordpress Download Manager Free & Pro 2.5.8 - Persistent Cross Site Scripting



EDB-ID: 30105 CVE: N/A OSVDB-ID: N/A
Author: Jeroen - IT Nerdbox Published: 2013-12-08 Verified: Verified
Exploit Code:   Download Vulnerable App:    Download

Rating

(0.0)
Screenshot
Prev Home Next
# Exploit Title: Wordpress Plugin: Wordpress Download Manager Free & Pro
Persistent Cross Site Scripting 

# Google Dork:

# Date: 12-06-2013

# Exploit Author: IT Nerdbox

# Vendor Homepage: http://www.wpdownloadmanager.com # Software Link:
http://downloads.wordpress.org/plugin/download-manager.zip

# Version: v3.3.8

# Tested on: Wordpress 3.7.1 on Linux CentOS # CVE : N/A

 

 

 

When creating a new download package you need to enter a title, description
and the file(s) that you want to be available for download. The title input
field is not sanitized and therefor vulnerable to persistent cross site
scripting. The payload used is <input onmouseover=prompt(document.cookie)>

 

 

More information, including screenshots, can be found at:

http://www.nerdbox.it/wordpress-download-manager-xss/