XSS2SHELL - Leverage XSS to RCE in a matter of seconds on Wordpress
XSS2SHELL - Leverage XSS to RCE in a matter of seconds on Wordpress #1





Info and source: https://github.com/Prochainezo/xss2shell


RE: XSS2SHELL - Leverage XSS to RCE in a matter of seconds on Wordpress #2
I'm surprised there aren't any replies. Interesting video. I like how you've taken what would normally be a minor vulnerability and turned it into a major one. I don't know a load about WordPress, but I will be looking at the source. Nice share!

Edit: Lol wowo nice
[Image: 7ajmN5P.jpg]


Skype: oni_sl (Add)
Steam: Oni | SL (Add)


RE: XSS2SHELL - Leverage XSS to RCE in a matter of seconds on Wordpress #3
So if there is an XSS on a WordPress theme, executing this via src="foreginhost.com/out.js" would cause a shell on the WP site?
#MakeSinisterlySexyAgain


RE: XSS2SHELL - Leverage XSS to RCE in a matter of seconds on Wordpress #4
Props for the filthy frank background song. Good shit Dyme.


RE: XSS2SHELL - Leverage XSS to RCE in a matter of seconds on Wordpress #5
(08-01-2014, 06:40 AM)Adorapuff Wrote: So if there is an XSS on a WordPress theme, executing this via src="foreginhost.com/out.js" would cause a shell on the WP site?

You betcha. Any XSS vulnerability on the site will get you a shell.


RE: XSS2SHELL - Leverage XSS to RCE in a matter of seconds on Wordpress #6
So this allows you to get a shell from any XSS vulnerability? Seems like not many people have seen it yet. Awesome share!


RE: XSS2SHELL - Leverage XSS to RCE in a matter of seconds on Wordpress #7
Zeekill mentioned something similar (if not the same thing) to this the other day on HF. It had to do with executing PHP inside the alert box.

Thanks for not being a dick and sharing this with everyone.
XMPP - wrath@xmpp.jp


RE: XSS2SHELL - Leverage XSS to RCE in a matter of seconds on Wordpress #8
Here's some public WordPress vulns that you guys can go through and try and find XSS in here. http://www.exploit-db.com/search/?action...filter_cve=
#MakeSinisterlySexyAgain


RE: XSS2SHELL - Leverage XSS to RCE in a matter of seconds on Wordpress #9
(08-01-2014, 07:03 PM)Adorapuff Wrote: Here's some public WordPress vulns that you guys can go through and try and find XSS in here. http://www.exploit-db.com/search/?action...filter_cve=

I was going to post just that.


RE: XSS2SHELL - Leverage XSS to RCE in a matter of seconds on Wordpress #10
(08-01-2014, 06:08 PM)Crypt Wrote: Zeekill mentioned something similar (if not the same thing) to this the other day on HF. It had to do with executing PHP inside the alert box.

Thanks for not being a dick and sharing this with everyone.

He's on HF again? Jeez.
Unleash the lead from my pistol into my head bumpin' crystal
