
Wordpress lasTunes Plugin Cross Site Scripting

Author: CYCLONER , Published: 19-09-2015
# Exploit Title : Wordpress lasTunes Plugin Cross Site Scripting
# Exploit Author : CYCLONER
# Author Page : http://mihancyber.org
# Vendor Homepage : https://wordpress.org/plugins/lastunes/
# Date : 9/5/2015
# Tested On : Windows 10
# Software Link : https://downloads.wordpress.org/plugin/lastunes.3.6.1.zip
# Version : 3.6.10
# Vulnerable File and code:
lasTunes.php (lasTunes settings)

Vulnerable code:

Line: 218

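// Settings form rows: each option's label, name and stored value is
// concatenated into the HTML without any escaping.
for ($i=0; $i<$opt_num; $i++) {
    $page_options .= $opt_names[$i] . ',';
    echo '<tr valign="top">';
    echo '<th scope="row">' . $opt_label[$i] . '</th>';
    // $opt_value[$i] lands inside the value="..." attribute as-is
    echo '<td><input type="text" id="' . $opt_names[$i] . '" name="' .
        $opt_names[$i] . '" value="' . $opt_value[$i] . '" size="50" /></td>';
    echo '</tr>';
}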
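
A hardened form of the loop above, as an added example that is not part of the original advisory or the plugin's code: every dynamic value is escaped for the HTML context it is written into, using WordPress's esc_attr() and esc_html(). The helper name lastunes_render_rows, the option names and the sample values are assumptions made for illustration, and the fallback escaping functions exist only so the file runs outside WordPress.

```php
<?php
// Added example, not the plugin's code. Outside WordPress, stand in for the
// core escaping helpers so the file runs on its own (assumption: these
// fallbacks only approximate esc_attr() and esc_html()).
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Hypothetical helper: builds the settings rows with each value escaped
// for the place it ends up (attribute value or element text).
function lastunes_render_rows(array $opt_names, array $opt_label, array $opt_value) {
    $html  = '';
    $count = min(count($opt_names), count($opt_label), count($opt_value));
    for ($i = 0; $i < $count; $i++) {
        $name  = esc_attr($opt_names[$i]);
        $html .= '<tr valign="top">';
        $html .= '<th scope="row">' . esc_html($opt_label[$i]) . '</th>';
        $html .= '<td><input type="text" id="' . $name . '" name="' . $name
               . '" value="' . esc_attr($opt_value[$i]) . '" size="50" /></td>';
        $html .= '</tr>';
    }
    return $html;
}

// Constructed sample data: the second value tries to close the attribute.
$names  = array('lastunes_user', 'lastunes_title');
$labels = array('Last.fm user', 'Widget title');
$values = array('alice', '"><i>test</i>');

$out = lastunes_render_rows($names, $labels, $values);
echo $out, "\n";

// The quote and angle brackets must come out as entities, so the stored
// value can no longer terminate the value="..." attribute.
if (strpos($out, '"><i>') !== false) {
    fwrite(STDERR, "unescaped value reached the output\n");
    exit(1);
}
```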

# Enjoy
