##############################################################################
Wordpress Zingiri Web Shop Plugin <= 2.4.0 Multiple XSS Vulnerabilities

author...............: Mehmet Ince
twitter..............: https://twitter.com/#!/mmetince
mail.................: mehmet.ince@bga.com.tr
software link........: http://www.zingiri.com
affected versions....: tested on 2.3.0 and 2.4.0

# Exploit Title: Wordpress Zingiri Web Shop Plugin <= 2.4.0 Multiple XSS Vulnerabilities
# Google Dork:
# Date: 26 Apr 2012
# Author: Mehmet INCE
# Software Link: http://downloads.wordpress.org/plugin/zingiri-web-shop.2.4.0.zip
# Version: 2.4.0 and older.
# Tested on: versions 2.3.0 and 2.4.0 on Ubuntu 11.10 Server with the Firefox browser.
##############################################################################

/*
## BASIC XSS
PS: Exploitable without authentication.

plugins/zingiri-web-shop/zing.inc.php at line 401.

if ($process=='content' && $page!='ajax' && $page!='downldr') echo '