Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-3526 PoC — WordPress Traffic Analyzer插件‘aoid’参数跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2013/CVE-2013-3526.yaml
Associated Vulnerability
Title:WordPress Traffic Analyzer插件‘aoid’参数跨站脚本漏洞 (CVE-2013-3526)
Description:WordPress Traffic Analyzer插件是站点流量分析工具。 WordPress的Traffic Analyzer插件中的aoid参数中存在跨站脚本漏洞,该漏洞源于程序没有正确过滤用户提供的输入。当用户浏览被影响的网站时,其浏览器将执行攻击者的任意代码,这可能导致攻击者窃取基于cookie的身份认证并发起其它攻击。
Description
A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
File Snapshot

 id: CVE-2013-3526

info:
  name: WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
  a

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.