The Hacker News Logo
Subscribe to Newsletter

Zero Day Reflected Cross Site Scripting vulnerability in wordpress 3.3

Zero Day Reflected Cross Site Scripting vulnerability in wordpress 3.3

Two Indian Security Experts : Aditya Modha & Samir Shah from from Net-Square Solutions reveals Zero Day Reflected Cross Site Scripting vulnerability in latest version of wordpress 3.3 !

Vulnerability exploit the comment feature of Wordpress Blog. Following two Steps mentioned in Exploit.

Step 1: Post a comment to the target website.
Step 2: Replace the value of author tag, email tag, comment tag with the exact value of what has been post in the last comment. Change the value of comment_post_ID to the value of post (which can be known by opening that post and checking the value of p parameter in the url). For example the if the url is http://192.168.1.102/wordpress/?p=6 then the value of comment_post_ID is 6.

Get Complete Exploit Here

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.