xss

###################### # Exploit Title : WordPress Video Gallery 2.5 SQL Injection and XSS Vulnerabilities # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery # Software Link : http://downloads.wordpress.org/plugin/contus-video-gallery.2.5.zip # Dork Google: inurl:/contus-video-gallery/hdflvplayer/hdplayer.swf (Click on "Repeat the search with the omitted results included") # Date : 2014-07-15 # Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap (0.8-1) Linux / Mozilla Firefox Linux / sqlmap 1....

###################### # Exploit Title : WordPress Compfight 1.4 Authenticated Cross Site Scripting # Exploit Author : Claudio Viviani - HomeLab IT # Vendor Homepage : http://wordpress.org/plugins/easy-banners/ # Software Link : http://downloads.wordpress.org/plugin/compfight.1.4.zip # Date : 2014-07-03 # Tested on : Windows 7 / Mozilla Firefox ###################### # Location : http://localhost/wp-content/plugins/compfight/compfight-search.php ###################### # Vulnerable code : if (!$search_value) { $input_text = 'Enter Keyword(s)'; } else { $input_text = $search_value; } if ($show_title) { $output ....