Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28922
HistoryJan 02, 2013 - 12:00 a.m.

Persistent XSS vulnerability in WP-UserOnline

2013-01-0200:00:00
vulners.com
13
JSON

Hello 3APA3A!

in 2010 I've disclosed multiple vulnerabilities (Cross-Site Scripting and Full path disclosure) in WordPress plugin WP-UserOnline (http://securityvulns.ru/Ydocument162.html, http://seclists.org/fulldisclosure/2010/Jul/8). And recently I've disclosed the exploit for persistent XSS vulnerability in WP-UserOnline. It must be interesting for those who want to test this vulnerability.

Exploit:

http://websecurity.com.ua/uploads/2012/WP-UserOnline.txt

This perl exploit I've developed at 26.04.2010.

As I've wrote earlier, vulnerable are WP-UserOnline 2.62 and previous versions. After my informing the developer released WP-UserOnline 2.70 (at 07.05.2010). In version 2.70 he fixed XSS, but not Full path disclosure vulnerabilities.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

JSON