#################################
# Iranian Exploit DataBase Forum
# http://iedb.ir/acc
# http://iedb.ir
#################################
# Exploit Title : WordPress videowhisper-live-streaming-integration Plugin XSS vulnerabilities
# Author : Iranian Exploit DataBase
# Discovered By : IeDb
# Email : IeDb.Team@Gmail.com
# Home : http://iedb.ir - http://iedb.ir/acc
# Software Link : http://wordpress.org/plugins/videowhisper-live-streaming-integration/
# Security Risk : High
# Tested on : Linux
# Dork : inurl:/videowhisper-live-streaming-integration/ls/htmlchat.php
#################################
# C0de :
<?php
// Excerpt of the plugin's ls/htmlchat.php as quoted by this advisory. The code that
// writes to or prints from $chatfile is not part of the excerpt.
// Room name: taken from the query string, falling back to the POST body when the GET
// value is missing or falsy (reading an unset key also raises a PHP notice/warning).
$room = $_GET['n'];
if (!$room) $room = $_POST['n'];
// Path guard: reject a room name containing "/" or "..", because $room is interpolated
// into the log path below. This is a deny-list of two substrings only.
// NOTE(review): an allow-list (e.g. letters, digits, "-" and "_") would be stricter;
// confirm which room names the plugin actually issues.
if ( strstr($room,"/") || strstr($room,"..") )
{
echo "Access denied.";
exit;
}
// Display name and chat text come straight from the request body. Nothing in this
// excerpt validates or HTML-encodes them; per the advisory these are the XSS inputs.
// NOTE(review): the fix belongs at the point where the values are written to or echoed
// from the log (sink not shown here), e.g. htmlspecialchars($value, ENT_QUOTES, 'UTF-8').
$name = $_POST['name'];
$message = $_POST['message'];
// Date stamp for the log file name: two-digit year, short month name, day without leading zero.
$day=date("y-M-j",time());
// Per-room, per-day log file (relative path). The .html extension means anything written
// into it unencoded would be interpreted as markup when the file is viewed.
$chatfile = "uploads/$room/Log$day.html";
?>
# Exploit :
Open the vulnerable site.
Enter the script in the Name or Message field. Both fields are read from $_POST in the code above without any validation or HTML encoding.
# Dem0 :
http://fXXov.ng/wp-content/plugins/videowhisper-live-streaming-integration/ls/htmlchat.php
http://www.taX.com/wp-content/plugins/videowhisper-live-streaming-integration/ls/htmlchat.php
http://www.Xto/NETI/wp-content/plugins/videowhisper-live-streaming-integration/ls/htmlchat.php
http://www.piXg.com/wp-content/plugins/videowhisper-live-streaming-integration/ls/htmlchat.php
http://peceliXdist.org/wp-content/plugins/videowhisper-live-streaming-integration/ls/htmlchat.php
#################################
# Exploit Archive = http://www.iedb.ir/exploits-402.html
#################################