WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting

Author: Outlasted
type: webapps
platform: php
port: 80.0
date_added: 2015-09-08 
date_updated: 2015-09-10 
verified: 1 
codes: OSVDB-127478 
tags: 
aliases:  
screenshot_url: http://www.exploit-db.com/screenshots/idlt38500/38105-1.png 
application_url: http://www.exploit-db.comwhitelabel-framework-2.0.6.tar.gz

# Exploit Title: Wordpress White-Label Framework XSS
# Google Dork: inurl:/wp-content/themes/whitelabel-framework/inc/form-sharebymail_iframe.php
# Date: 7 September 2015
# Exploit Author: Outlasted
# Software Link: wordpress.com / http://whitelabelframework.com/
# Version: 2.0.6
#Greetz to: TeaMp0isoN
=====================================================
Vulnerable url: /wp-content/themes/whitelabel-framework/inc/form-sharebymail_iframe.php


=====================================================
How to exploit?
----------------------------------------------------------------------------------------------------------

Enter your XSS payload in all forms and watch the magic.