/***********************************************************************************
** Exploit Title: WordPress Contact Form to Email Plugin CSRF/XSS
** Exploit Author: Ashiyane Digital Security Team
** Discovered By: Mahdi.Hidden
** Vendor Homepage: https://wordpress.org/plugins/contact-form-to-email/
** Software Link: https://downloads.wordpress.org/plugin/contact-form-to-email.zip
** Google Dork: none
** Date: 2015-05-13
** Tested on: Windows 7 / Mozilla Firefox
***********************************************************************************
** Exploit Code:
******************
***********************************************************************************
** Vulnerable Code:
******************
To Patch XSS:
***********************************************************************************
** Special thanks to: ACC3SS - Milad Hacking - T3rm!nat0r5
***********************************************************************************