--e89a8ff1ccaefae749051e667db5 Content-Type: text/plain; charset=UTF-8 <!-- # Exploit Title: Wordpress Captain Slider Stored XSS # Date: 2015/8/29 # Exploit Author: Arash Khazaei . # Vendor Homepage: https://wordpress.org/plugins/captain-slider/ # Software Link: https://downloads.wordpress.org/plugin/captain-slider.zip # Version: 1.0.6 # Tested on: Kali , Iceweasel Browser # CVE : N/A # Contact : http://twitter.com/0xClay # Email : 0xclay@gmail.com # Site : http://bhunter.ir # Intrduction : # Wordpress Captain Slider Plugin Have 3000+ Active Install # And Suffer From A Stored XSS Vulnerability In Title And Caption Section . # Authors , Editors And Of Course Administrators This Vulnerability To Harm WebSite . # Exploit : # To Exploit This Vulnerability Go To Manage Silder Section And Add Slider In Title And Caption add Your Js Code . # After Adding New Slider Go To Sorter Section Then You Can See Js Codes Executed . Vulnerable Code : --> <th class="column-order"><?php _e('Order', 'ctslider'); ?></th> <th class="column-thumbnail"><?php _e('Slide Image', 'ctslider'); ?></th> <th class="column-title"><?php _e('Title', 'ctslider'); ?></th> <!-- Discovered By Arash Khazaei (Aka JunkyBoy) --> --e89a8ff1ccaefae749051e667db5 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">&lt;!--<br># Exploit Title: Wordpress Captain Slider Store= d XSS<br># Date: 2015/8/29<br># Exploit Author: Arash Khazaei .<br># Vendor= Homepage: <a href=3D"https://wordpress.org/plugins/captain-slider/">https:= //wordpress.org/plugins/captain-slider/</a><br># Software Link: <a href=3D"= https://downloads.wordpress.org/plugin/captain-slider.zip">https://download= s.wordpress.org/plugin/captain-slider.zip</a><br># Version: 1.0.6<br># Test= ed on: Kali , Iceweasel Browser<br># CVE : N/A<br># Contact : <a href=3D"ht= tp://twitter.com/0xClay">http://twitter.com/0xClay</a><br># Email : <a href= =3D"mailto:0xclay@gmail.com">0xclay@gmail.com</a><br># Site : <a href=3D"ht= tp://bhunter.ir">http://bhunter.ir</a><br><br># Intrduction : <br><br># Wor= dpress Captain Slider Plugin Have 3000+ Active Install <br># And Suffer Fro= m A Stored XSS Vulnerability In Title And Caption Section .<br># Authors , = Editors And Of Course Administrators This Vulnerability To Harm WebSite .<b= r><br># Exploit : <br><br># To Exploit This Vulnerability Go To Manage Sild= er Section And Add Slider In Title And Caption add Your Js Code .<br># Afte= r Adding New Slider Go To Sorter Section Then You Can See Js Codes Executed= . <br><br><br>Vulnerable Code :<br>--&gt;<br>=C2=A0=C2=A0=C2=A0 =C2=A0=C2= =A0=C2=A0 &lt;th class=3D&quot;column-order&quot;&gt;&lt;?php _e(&#39;Order= &#39;, &#39;ctslider&#39;); ?&gt;&lt;/th&gt;<br>=C2=A0=C2=A0=C2=A0 =C2=A0= =C2=A0=C2=A0 &lt;th class=3D&quot;column-thumbnail&quot;&gt;&lt;?php _e(&#3= 9;Slide Image&#39;, &#39;ctslider&#39;); ?&gt;&lt;/th&gt;<br>=C2=A0=C2=A0= =C2=A0 =C2=A0=C2=A0=C2=A0 &lt;th class=3D&quot;column-title&quot;&gt;&lt;?p= hp _e(&#39;Title&#39;, &#39;ctslider&#39;); ?&gt;&lt;/th&gt;<br>=C2=A0=C2= =A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 <br><br><br><br><br>&lt;!--= Discovered By Arash Khazaei (Aka JunkyBoy) --&gt;<br></div> --e89a8ff1ccaefae749051e667db5--