# Exploit Title: WordPress Plugin Disqus Comment System <= 2.68 Reflected Cross-Site Scripting (XSS)
# Google Dork: inurl:/wp-content/plugins/disqus-comment-system/
# Date: 11.12.11
# Author: Ryan Dewhurst (@ethicalhack3r)
# Software Link: http://downloads.wordpress.org/plugin/disqus-comment-system.2.68.zip
# Version: 2.68
# Tested on: Cross-Platform
** Vulnerability Description **
The WordPress Disqus Comment System plugin version 2.68 was found to be affected by Reflected Cross-Site Scripting (XSS). At the time of writing the plugin (all versions, not this version alone) had been downloaded 504,746 times. [0]
** Software Description **
DISQUS is a comments platform that helps you build an active community from your website’s audience. It has awesome features, powerful tools, and it’s easy to install. [1] The Disqus comment system replaces your WordPress comment system with your comments hosted and powered by Disqus. [0]
** Proof of Concept (PoC) **
Vulnerable page: /wp-content/plugins/disqus-comment-system/lib/wp-cli.php
Vulnerable parameter: User-Agent HTTP Header
XSS payload: <script>alert(1)</script>
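A log check for the request the proof of concept describes, as an added example that is not part of the original advisory: it scans access-log lines for requests to the vulnerable page and marks those whose User-Agent carries angle brackets. It assumes the server writes Combined Log Format; the function names, verdict labels and sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Path named in the advisory's proof of concept.
VULN_PATH = "/wp-content/plugins/disqus-comment-system/lib/wp-cli.php"

# Combined Log Format; quoted fields may contain backslash-escaped characters.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) \S+ '
    + QUOTED + " " + QUOTED + r"\s*$"
)

def hits_vuln_path(target):
    """True if the request target resolves to the plugin's wp-cli.php."""
    path = unquote(target.split("?", 1)[0])              # drop query, decode %xx
    path = posixpath.normpath(re.sub(r"/+", "/", path))  # fold // and /./
    # endswith() also covers WordPress installed in a subdirectory.
    return path.lower().endswith(VULN_PATH)

def scan(lines):
    """Return (ip, time, status, verdict, user_agent) for requests to the page."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skipped rather than guessed at
        ip, when, target, status, _referer, ua = m.groups()
        if not hits_vuln_path(target):
            continue
        # Angle brackets in a User-Agent are what the reflected payload needs.
        verdict = "markup-in-user-agent" if re.search(r"[<>]", ua) else "direct-request"
        findings.append((ip, when, int(status), verdict, ua))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Dec/2011:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [11/Dec/2011:10:02:13 +0000] "GET /wp-content/plugins/disqus-comment-system/lib/wp-cli.php HTTP/1.1" 200 312 "-" "<script>alert(1)</script>"',
    '203.0.113.5 - - [11/Dec/2011:10:05:44 +0000] "GET /blog//wp-content/plugins/disqus-comment-system/./lib/wp-cli.php?x=1 HTTP/1.1" 200 298 "-" "Mozilla/5.0 (Windows NT 6.1)"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "direct-request" verdict is the lower-priority one: it records that the page was fetched, which on a site still running 2.68 or earlier is worth reviewing even without markup in the header.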
** Vulnerability Timeline **
2011-09-25: Vendor Informed.
2011-11-30: Vendor released patched version 2.69.
2011-12-11: Vulnerability Disclosed.
** References **
[0] http://wordpress.org/extend/plugins/disqus-comment-system/
[1] http://disqus.com/
One Response
Hi :)
It’s about your tool.
When I try to break the passwords, the program responds to me something like: “[+] Starting the password Brute Force” “Brute forcing 1707657 passwods with admin …” “ERROR: We sent a blank password.” Do you have any suggestions for me? I use BackTrack5 R1.
Thanks:)