<!--
# Exploit Title: Wordpress Responsive Thumbnail Slider Stored XSS
# Date: 2015/8/29
# Exploit Author: Arash Khazaei
# Vendor Homepage: https://wordpress.org/plugins/wp-responsive-thumbnail-slider/
# Software Link: https://downloads.wordpress.org/plugin/wp-responsive-thumbnail-slider.zip
# Version: 1.0
# Tested on: Kali , Iceweasel Browser
# CVE : N/A
# Contact : http://twitter.com/0xClay
# Email : 0xclay@gmail.com
# Site : http://bhunter.ir
# Intrduction :
# Wordpress Responsive Thumbnail Slider Plugin iS A With 6000+ Active Install
# And Suffer From A Stored XSS Vulnerability In Image Title Section .
# Authors , Editors And Of Course Administrators This Vulnerability To Harm WebSite .
Exploit :
To Exploit This Vulnerability When Adding Image With This Plugin
In Title Section Place Your JavaScript Code .
# Vulnerable Code In wp-responsive-images-thumbnail-slider.php file in line [816]:
-->
<tr valign="top" >
<td class="alignCenter check-column" data-title="Select Record" ><input type="checkbox" value="<?php echo $row['id'] ?>" name="thumbnails[]"></td>
<!-- Vulnerable Code --> <td data-title="Title" ><strong><?php echo stripslashes($row['title']) ?></strong></td>
<td data-title="Image" class="alignCenter">
<img src="<?php echo $outputimgmain;?>" style="width:50px" height="50px"/>
</tr>
<!--
To Patch This Vulnerability :
-->
<tr valign="top" >
<td class="alignCenter check-column" data-title="Select Record" ><input type="checkbox" value="<?php echo $row['id'] ?>" name="thumbnails[]"></td>
<!-- Patched Code --> <td data-title="Title" ><strong><?php echo htmlspecialchars($row['title']) ?></strong></td>
<td data-title="Image" class="alignCenter">
<img src="<?php echo $outputimgmain;?>" style="width:50px" height="50px"/>
</tr>
<!-- Discovered By Arash Khazaei (Aka JunkyBoy) -->