Full Disclosure mailing list archives
Persistent XSS vulnerability in WP-UserOnline
From: "MustLive" <mustlive () websecurity com ua>
Date: Mon, 24 Dec 2012 23:38:39 +0200
Hello list! in 2010 I've disclosed multiple vulnerabilities (Cross-Site Scripting and Full path disclosure) in WordPress plugin WP-UserOnline (http://securityvulns.ru/Ydocument162.html, http://seclists.org/fulldisclosure/2010/Jul/8). And recently I've disclosed the exploit for persistent XSS vulnerability in WP-UserOnline. It must be interesting for those who want to test this vulnerability. Exploit: http://websecurity.com.ua/uploads/2012/WP-UserOnline.txt This perl exploit I've developed at 26.04.2010. As I've wrote earlier, vulnerable are WP-UserOnline 2.62 and previous versions. After my informing the developer released WP-UserOnline 2.70 (at 07.05.2010). In version 2.70 he fixed XSS, but not Full path disclosure vulnerabilities. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Persistent XSS vulnerability in WP-UserOnline MustLive (Dec 24)