HomeНаука и техникаRelated VideosMore From: Felipe Jarenau

CSRF + XSS + File Upload - Ultimate Product Catalogue v3.1.2

4 ratings | 1472 views
This video explains a vulnerability found in the wordpress plugin Ultimate Product Catalogue v3.1.2. This vulnerability was notified to the developer and quickly fixed in subsequent versions. Vulnerability details in https://www.exploit-db.com/exploits/36907/
Html code for embedding videos on your blog
Text Comments (2)
Yassine Boumahdy (3 years ago)
you should have admin full acces ??
Felipe Jarenau (3 years ago)
+Yassine Boumahdy This is a CSRF attack targeting a wordpress administrator.  To upload the backdoor or alter the product to launch XSS against the web customer you need to trick the wordpress administrator to click in a link with the exploit html.

Would you like to comment?

Join YouTube for a free account, or sign in if you are already a member.