hiredhacker.com

hiredhacker.com hiredhacker.com hiredhacker.com hiredhacker.com

relevant ramblings of an ethical hacker

relevant ramblings of an ethical hacker relevant ramblings of an ethical hacker relevant ramblings of an ethical hacker relevant ramblings of an ethical hacker

"Dig into my mind deep enough you'll find a graveyard, I get nervous bodies will resurface every time it rains hard." - Sage Francis

Posts Tagged “wordpress”

02 Feb 2008

XSS in WP Contact Form III.

Posted by: Gerry Eisenhaur in Content, tags: 0day, advisory, exploit, wordpress, xss

The WP Contact Form III 1.4.1 WordPress plugin by ‘KristinKWangen’ is vulnerable to multiple cross site scripting attacks.

Note to developers, this does not stop script injection attacks:

From wp-contactform.php line 105:
$_POST['wpcf_your_name'] = stripslashes(trim($_POST['wpcf_your_name']));

Also note that this is not a very good way to die:

From buttonsnap.php line 28:
$selection = isset($_POST['selection']) ? $_POST['selection'] : @$_GET['selection']; $selection = apply_filters($dispatch, $selection); die($selection);

4 Comments »

Search
Tags
0day advisory exploit firefox hacking python researching reverse engineering site info tools webappsec wordpress xss xss 0day advisory
Sponsered Ads

Entries (RSS) and Comments (RSS).
16 queries. 9.977 seconds.

hiredhacker.com

relevant ramblings of an ethical hacker

Posts Tagged “wordpress”

XSS in WP Contact Form III.

Search

Tags

Sponsered Ads