####################################################
# Exploit Title: Wordpress Ad King Pro Stored XSS Vulnerability
# Date: 2015/dec/27
# Exploit Author: ALIREZA_PROMIS
# Vendor Homepage: https://wordpress.org/plugins/adkingpro/
# Software Link: https://downloads.wordpress.org/plugin/adkingpro.1.9.17.zip
# Version: 1.9.17
# Tested on: windows 7 / FireFox
####################################################

#Exploitation :
For Exploiting This Vulnerability You Should Install "Ad King Pro"
http://programadoraweb.es/wp-admin/post-new.php?post_type=adverts_posts
In "adver image attributes" and   "Campaign (GA Category)"   and   "Banner Name (GA Label)"     textbox Can Place Your JavaScript Code  and click on "Publish" .


#execute
1 - in edit page :
after click on publish and refresh page run your javascript code .

2 - in edit page :
when you try for edit your advert , execute your js code :
http://localhost/wp-admin/post.php?post=[post_id]&action=edit


{ you can steal admin cookie with moderator access }
####################################################
# Special Thanks: Sajjad Sotoudeh
# http://iransec.net/forums
# Mr.Moein , sheytan azzam , Mr.PERSIA , HellBoy.Blackhat , Jok3r
#  Sajjad Sotoudeh, Kamran Helish , Dr.RooT , Milad Inj3ctor , Mr,Turk
#
# [+] fb.com/alirezapomis.blackhat
####################################################