WordPress Plugin Pie Register - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities

EDB-ID:

38643

CVE:

2013-4954

EDB Verified:

Author:

gravitylover

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2013-07-12

Vulnerable App:
Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED 

source: https://www.securityfocus.com/bid/61140/info

Pie Register plugin for WordPress is prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Pie Register 1.30 is vulnerable; other versions may also be affected. 

<?php echo $_POST['pass1'];?>
<?php echo $_POST['pass2'];?>
Tags: WordPress Plugin
Advisory/Source: Link
Downloads Certifications Training Professional Services
Kali Linux OSCP Penetration Testing with Kali Linux (PWK) Penetration Testing
Kali NetHunter OSWP Advanced Web Attacks and Exploitation (AWAE) Advanced Attack Simulation
Kali Linux Revealed Book OSCE Offensive Security Wireless Attacks (WiFu) Application Security Assessment
OSEE Cracking the Perimeter (CTP)
OSWE Metasploit Unleashed (MSFU)
KLCP Free Kali Linux Training
Kali Linux Kali NetHunter Kali Linux Revealed Book
OSCP OSWP OSCE OSEE OSWE KLCP
Penetration Testing with Kali Linux (PWK) Advanced Web Attacks and Exploitation (AWAE) Offensive Security Wireless Attacks (WiFu) Cracking the Perimeter (CTP) Metasploit Unleashed (MSFU) Free Kali Linux training
Penetration Testing Advanced Attack Simulation Application Security Assessment